PT-2019-14368 · Sitos · Sitos Six

Published: 2019-10-07 · Updated: 2019-10-09 · CVE-2019-15748

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SITOS six Build version 6.2.1

Description

The issue allows unauthorized users to upload and import a SCORM 2004 package by directly accessing affected pages. An unauthenticated attacker could exploit the upload and import functionality to import a malicious SCORM package containing a PHP file, potentially executing arbitrary PHP code.

Recommendations

For SITOS six Build version 6.2.1, restrict access to the upload and import functionality to prevent unauthorized users from uploading malicious SCORM packages. As a temporary workaround, consider disabling the SCORM package upload feature until a patch is available.
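A pre-import content check for the kind of package described above, added here as a defence-in-depth example (not code from SITOS six or from this advisory); it complements the recommended access restriction and does not replace it. The function names, the extension and file-name lists, and the sample packages are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: suffixes a PHP-enabled web server may hand to the interpreter.
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}
# Assumption: per-directory files that can change how the server treats uploads.
BLOCKED_NAMES = {".htaccess", ".user.ini"}


def inspect_scorm_package(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded package; an empty list means no finding."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    findings = []
    with archive:
        names = archive.namelist()
        # A SCORM content package carries its manifest at the archive root.
        if "imsmanifest.xml" not in names:
            findings.append("imsmanifest.xml missing from package root")
        for name in names:
            path = PurePosixPath(name.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"path escapes import directory: {name}")
            # Check every suffix so double extensions (x.php.txt) are also caught.
            if {s.lower() for s in path.suffixes} & EXECUTABLE_SUFFIXES:
                findings.append(f"server-executable file: {name}")
            if path.name.lower() in BLOCKED_NAMES:
                findings.append(f"server configuration override: {name}")
    return findings


def build_sample(files: dict[str, str]) -> bytes:
    """Build an in-memory ZIP from a name -> content mapping (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a benign package and one carrying a PHP file.
_BASE = {"imsmanifest.xml": "<manifest/>", "content/index.html": "<html></html>"}
CLEAN = build_sample(_BASE)
SUSPECT = build_sample({**_BASE, "content/help.php": "<?php /* placeholder */ ?>"})

if __name__ == "__main__":
    print(inspect_scorm_package(CLEAN))
    print(inspect_scorm_package(SUSPECT))
```

Extracting imported packages to a directory the web server does not serve as executable content addresses the same risk at the server level.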

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2019-15748

Affected products

Sitos Six