CVE-2017-15054

Name of the Vulnerable Software and Affected Versions TeamPass versions prior to 2.1.27.9

Description The issue allows remote authenticated users to upload arbitrary files, leading to remote command execution. To exploit this, an attacker must tamper with parameters of a request to "upload.files.php" to select the correct branch and upload any arbitrary file, which can then be accessed to execute code on the server.

Recommendations For versions prior to 2.1.27.9, update to version 2.1.27.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "upload.files.php" endpoint to minimize the risk of exploitation.