Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-17	CVE-2018-17139	Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5 UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. network low complexity ultimatefosters CWE-434	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.