CVE-2015-1604
Adminsystems CMS (asys) is affected by CVE-2015-1604: an unrestricted file upload in asys/site/files.php prior to 4.0.2 lets remote authenticated users upload a file with an executable extension and access it via upload/files/, enabling arbitrary code execution. CVSS v2 base score 6.5 (Partial im...