CVE-2015-7904

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02 Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-10-28 10:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-7904

Mitre link : CVE-2015-7904

CVE.ORG link : CVE-2015-7904


JSON object : View

Products Affected

infinite_automation_systems

  • mango_automation