Description

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Remediation

References

CVE-2015-5946

Related Vulnerabilities

WordPress 3.8.x Prototype Pollution (3.8 - 3.8.37)

WordPress Plugin Gravity Upload Ajax Arbitrary File Upload (1.1)

WordPress Plugin SendPress Newsletters Cross-Site Scripting (1.20.7.10)

WebLogic CVE-2020-2967 Vulnerability (CVE-2020-2967)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3848)

Severity

High

Classification

CVE-2015-5946 CWE-184 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities