A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.
CPE | Name | Operator | Version |
---|---|---|---|
dext5 | le | 2.7.1402870 |