Vulnerabilities > Ultimatefosters > Ultimatepos

DATE CVE VULNERABILITY TITLE RISK
2018-09-17 CVE-2018-17139 Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
network
low complexity
ultimatefosters CWE-434
6.5