CVE-2019-18643
Rock RMS is affected by CVE-2019-18643 in versions before 8.10 and 9.0–9.3 where uploaded files are validated only via a blacklist of extensions. Attackers can bypass this by adding multiple spaces and periods after the filename, enabling upload of ASPX code and potential remote code execution, w...