Publish date
03 October 2019
Identifier
CVE-2019-15748
Manufacturer
SITOS
Product
SITOS Six Build v6.2.1
Authors
Dennis Herrmann and Andre Waldhoff
Description
SITOS Six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 packages by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file which could execute arbitrary PHP code, for more information please refer to CVE-2019-15751 - Unrestricted File Upload via SCORM File.