CVE-2019-15748

Authorisation Bypass

Publish date

03 October 2019

Identifier

CVE-2019-15748

Manufacturer

SITOS

Product

SITOS Six Build v6.2.1

Authors

Dennis Herrmann and Andre Waldhoff

Description

SITOS Six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 packages by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file which could execute arbitrary PHP code, for more information please refer to CVE-2019-15751 - Unrestricted File Upload via SCORM File.

 

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider