Description

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.

Remediation

References

CVE-2015-5946

Related Vulnerabilities

WordPress Plugin Comment Extra Fields 'cef-upload.php' Arbitrary File Upload (1.7)

GlassFish CVE-2012-0550 Vulnerability (CVE-2012-0550)

PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10211)

Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-27233)

Severity

High

Classification

CVE-2015-5946 CWE-184 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities