CVE-2019-15751
published 2019-10-07

Priority: P267 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.47% (90.3th percentile)

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to the web root of the application.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | >= 0 < 2015.8.8+ds-1ubuntu0.1 | 2015.8.8+ds-1ubuntu0.1 |
| saltstack | salt | >= 0 < 2017.7.4+dfsg1-1ubuntu18.04.2 | 2017.7.4+dfsg1-1ubuntu18.04.2 |
| sitos | sitos_six | | |

CVSS provenance

nvd  v3.1  9.8   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  10.0  CRITICAL  AV:N/AC:L/Au:N/C:C/I:C/A:C
osv        5.3   MEDIUM