03 October 2019
SITOS Six Build v6.2.1
Dennis Herrmann and Andre Waldhoff
An unrestricted file upload vulnerability in SITOS Six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. An unauthenticated attacker can upload a malicious file, containing PHP code that executes operating system commands, to the web root of the application.
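
The kind of server-side check whose absence the advisory describes, as an added example (not SITOS code and not the vendor's fix): it accepts a SCORM upload only if it is a real ZIP package with a root `imsmanifest.xml` and no member a PHP-capable server could execute. The function names, the allowlist and the sample packages are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy (not from the advisory): file types a SCORM course may contain,
# and extensions a PHP-capable web server could execute.
ALLOWED = {".xml", ".xsd", ".dtd", ".html", ".htm", ".js", ".css", ".json",
           ".png", ".jpg", ".jpeg", ".gif", ".svg", ".mp3", ".mp4", ".pdf"}
EXECUTABLE = {".php", ".php5", ".phtml", ".phar", ".cgi", ".pl", ".sh"}

def check_scorm_upload(filename, data):
    """Return the reasons to reject an upload; an empty list means accept."""
    if PurePosixPath(filename.replace("\\", "/")).suffix.lower() != ".zip":
        return [f"upload {filename!r} is not named as a .zip package"]
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return ["content is not a ZIP archive"]
    problems = []
    if "imsmanifest.xml" not in names:
        problems.append("imsmanifest.xml missing from package root")
    for name in names:
        if name.endswith("/"):  # directory entry, nothing to execute
            continue
        path = PurePosixPath(name.replace("\\", "/"))
        suffixes = [s.lower() for s in path.suffixes]
        if path.is_absolute() or ".." in path.parts:
            problems.append(f"{name!r}: path escapes the extraction directory")
        elif EXECUTABLE.intersection(suffixes):  # also catches logo.php.jpg
            problems.append(f"{name!r}: server-executable extension")
        elif path.suffix.lower() not in ALLOWED:
            problems.append(f"{name!r}: extension not on the allowlist")
    return problems

def build_package(members):
    """Constructed sample input: build a ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    good = build_package({"imsmanifest.xml": b"<manifest/>", "index.html": b"<html/>"})
    bad = build_package({"imsmanifest.xml": b"<manifest/>", "img/logo.php.jpg": b"x"})
    print(check_scorm_upload("course.zip", good))
    print(check_scorm_upload("course.zip", bad))
    print(check_scorm_upload("course.php", good))
```

A check like this complements, rather than replaces, requiring authentication on the upload endpoint and storing extracted packages where the web server does not interpret files as PHP.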