siteserver cms is vulnerable to arbitrary code execution. Improper validation of the file extension allows an administrator to upload a file with extension .aassp
, which would be converted to .asp
after the .as
substring is removed. The code in the file will be executed in the context of the server when requested.