Lucene search
HistoryOct 28, 2015 - 10:59 a.m.
CVE-2015-7904
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
57.5%
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
Affected configurations
Node
infinite_automation_systemsmango_automationMatch2.5.0
ORinfinite_automation_systemsmango_automationMatch2.5.5
ORinfinite_automation_systemsmango_automationMatch2.6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| infinite_automation_systems | mango_automation | 2.5.0 | cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:* |
| infinite_automation_systems | mango_automation | 2.5.5 | cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:* |
| infinite_automation_systems | mango_automation | 2.6.0 | cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-7904
2015-10-28 10:00:00
cve
cve
CVE-2015-7904
2015-10-28 10:59:24
prion
prion
Unrestricted file upload
2015-10-28 10:59:00
zeroscience
zeroscience
Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution
2015-09-26 00:00:00
ics
ics
Infinite Automation Systems Mango Automation Vulnerabilities (Update A)
2018-08-27 12:00:00
exploitdb
exploitdb
Mango Automation 2.6.0 - Multiple Vulnerabilities
2015-09-28 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
57.5%
Related for NVD:CVE-2015-7904