An issue was discovered in SiteServer CMS prior to version 6.12. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the “as” substring is deleted.
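
The single-pass deletion described above, modelled as an added Python example (not SiteServer CMS code; the function names and the sample allowlist are assumptions). It shows how removing a substring joins the surrounding characters into a new extension, next to an exact-match allowlist check that rejects input instead of rewriting it.

```python
# Added illustration: a model of the filter the advisory describes,
# not SiteServer CMS source code. All names here are hypothetical.
FILTERED = "as"                             # substring the advisory says is deleted
ALLOWED = {".jpg", ".png", ".gif", ".pdf"}  # constructed sample allowlist


def strip_once(ext: str) -> str:
    """Flawed pattern: delete the substring in a single pass.

    The characters on either side of a deleted match join up and can
    form a new string that the pass never re-examines.
    """
    return ext.replace(FILTERED, "")


def is_permitted(ext: str) -> bool:
    """Hardened pattern: canonicalise, then accept only exact allowlist
    members. The input is never rewritten, so nothing can be reassembled."""
    canonical = ext.strip().lower().rstrip(". ")
    return canonical in ALLOWED


def audit(configured: list[str]) -> list[tuple[str, str]]:
    """Review check: return (entry, stored form) for every configured
    extension that the single-pass filter would silently change."""
    return [(e, strip_once(e)) for e in configured if strip_once(e) != e]


if __name__ == "__main__":
    sample = [".jpg", ".aassp", ".png"]     # constructed sample configuration
    for entry, stored in audit(sample):
        print(f"{entry!r} would be stored as {stored!r}")
    print("accepted by allowlist:", [e for e in sample if is_permitted(e)])
```

Running `audit` over an existing permitted-extension list flags any entry whose stored form differs from what was typed, which is the condition the advisory describes.
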
CPE

Name | Operator | Version |
---|---|---|
sscms | eq | 1.0.0-preview4 |