03 October 2019
SITOS Six Build v6.2.1
Dennis Herrmann and Andre Waldhoff
SITOS Six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 packages by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file which could execute arbitrary PHP code, for more information please refer to CVE-2019-15751 - Unrestricted File Upload via SCORM File.