Advantech WebAccess SCADA Dashboard Arbitrary File Upload (CVE-2016-0854)

An arbitrary file upload vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the uploadImageCommon, uploadFile or uploadBannerImage methods in the UploadAjaxAction script. A remote, unauthenticated...