Publish date
03 October 2019
Identifier
CVE-2019-15751
Manufacturer
SITOS
Product
SITOS Six Build v6.2.1
Authors
Dennis Herrmann and Andre Waldhoff
Description
Unrestricted file upload vulnerability in SITOS Six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCROM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application.