vendor:
PaKnPost Pro
by:
Edvin Rustemagic, Grega Preseren
7.5
CVSS
HIGH
Arbitrary File Upload & Remote Code Execution
CWE
Product Name: PaKnPost Pro
Affected Version From: <=1.14
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested: Windows, Linux
2016
PaKnPost Pro Arbitrary File Upload & Remote Code Execution
File extension check bypass and directory traversal lead to uploading an arbitrary file to an unintended directory and remote code execution.
Mitigation:
Patch exists