Description

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Remediation

References

CVE-2015-5946

Related Vulnerabilities

WordPress Plugin RSVPMaker SQL Injection (9.2.6)

MediaWiki Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2014-9277)

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.5)

Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)

WordPress Plugin Affiliates Multiple Cross-Site Scripting Vulnerabilities (2.13.1)

Severity

High

Classification

CVE-2015-5946 CWE-184 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities