2 matches found
CVE-2019-15748
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary...
CVE-2019-15748
SITOS six Build v6.2.1 is affected by CVE-2019-15748: unauthenticated upload/import of a SCORM 2004 package can lead to execution of arbitrary PHP code via a malicious package. Affected component: SITOS six Build (v6.2.1). Root cause implied by reports is insecure handling of uploaded SCORM conte...