2 matches found
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload which allows an administrator to trigger remote code execution. Exploiting this vulnerability is possible by using file extension .aassp which is converted to .asp because the "as" substring is deleted. Remediation...
SiteServer CMS Arbitrary Code Execution Vulnerability
SiteServer CMS is an open source, free, enterprise-class CMS content management system. An arbitrary code execution vulnerability exists in SiteServer CMS 6.9.0. The vulnerability stems from the fact that administrators can add a permitted file extension .aassp, which is converted to .asp due to...