CVE-2019-15751

Unrestricted File Upload via SCORM File

Publish date

03 October 2019

Identifier

CVE-2019-15751

Manufacturer

SITOS

Product

SITOS Six Build v6.2.1

Authors

Dennis Herrmann and Andre Waldhoff

Description

Unrestricted file upload vulnerability in SITOS Six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. An unauthenticated attacker can upload a malicious file containing PHP code to the web root of the application and use it to execute operating system commands.
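A server-side check of the kind that closes this class of bug, as an added example (not SITOS code and not the vendor's fix): it inspects a SCORM package, which is a ZIP archive with `imsmanifest.xml` at its root, before anything is extracted. The function names, the extension lists and the sample archives are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Assumed allowlist of static file types a course package needs; tune per deployment.
ALLOWED_EXT = {".xml", ".xsd", ".dtd", ".html", ".htm", ".js", ".css", ".json",
               ".png", ".jpg", ".jpeg", ".gif", ".mp3", ".mp4", ".pdf", ".txt"}
# Assumed denylist of names a web server may hand to an interpreter or treat as config.
SERVER_EXEC = {".php", ".php5", ".phtml", ".pht", ".phar", ".cgi", ".pl",
               ".jsp", ".asp", ".aspx", ".htaccess"}

def validate_scorm_package(data, max_members=5000):
    """Return the reasons to reject the upload; an empty list means accept."""
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return ["not a ZIP archive"]
    problems = []
    if "imsmanifest.xml" not in names:
        problems.append("imsmanifest.xml missing from package root")
    if len(names) > max_members:
        problems.append("too many members")
    for name in names:
        norm = posixpath.normpath(name.replace("\\", "/"))
        if norm == ".." or norm.startswith(("/", "../")):
            problems.append(f"path escapes extraction directory: {name}")
            continue
        if name.endswith("/"):
            continue  # directory entry, nothing to execute
        base = posixpath.basename(norm).lower()
        # Check every dot-separated suffix so shell.php.jpg and .htaccess are caught.
        suffixes = {"." + part for part in base.split(".")[1:]}
        if suffixes & SERVER_EXEC:
            problems.append(f"server-executable name: {name}")
        elif posixpath.splitext(base)[1] not in ALLOWED_EXT:
            problems.append(f"extension not on allowlist: {name}")
    return problems

def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    manifest = {"imsmanifest.xml": b"<manifest/>"}  # constructed sample data
    print(validate_scorm_package(build_zip({**manifest, "content/index.html": b"<html/>"})))
    print(validate_scorm_package(build_zip({**manifest, "content/upload.php": b"placeholder"})))
```

Extracting accepted packages to a directory where the web server serves files statically and never invokes an interpreter complements this check, and the upload endpoint itself should require authentication.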

 
