Vulnerabilities > CVE-2015-7904 - Unspecified vulnerability in Infinite Automation Systems Mango Automation 2.5.0/2.5.5/2.6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | Mango Automation 2.6.0 - Multiple Vulnerabilities. CVE-2015-6493,CVE-2015-6494,CVE-2015-7900,CVE-2015-7901,CVE-2015-7902,CVE-2015-7903,CVE-2015-7904. Webapps... |
id | EDB-ID:38338 |
last seen | 2016-02-04 |
modified | 2015-09-28 |
published | 2015-09-28 |
reporter | LiquidWorm |
source | https://www.exploit-db.com/download/38338/ |
title | Mango Automation 2.6.0 - Multiple Vulnerabilities |