PT-2019-14371 · Sitos · Sitos Six

Published: 2019-10-07 · Updated: 2019-10-09 · CVE-2019-15751

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
SITOS six Build version 6.2.1

Description
The issue allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. An unauthenticated attacker can upload a malicious file, containing PHP code, to the web root of the application, enabling the execution of operating system commands.

Recommendations
For SITOS six Build version 6.2.1, restrict access to file upload functionality to prevent unauthenticated users from uploading malicious files until a fix is available. Consider implementing validation and sanitization of uploaded files to prevent executable code from being uploaded.
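
One way to implement the upload validation recommended above, as an added example that is not SITOS code or part of the original advisory. It assumes the package is handled as a ZIP archive with imsmanifest.xml at its root (the standard SCORM packaging); the function name, the extension allowlist and the sample archives are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed allowlist of static course content types; adjust per deployment.
ALLOWED_MEMBER_EXT = {".xml", ".xsd", ".dtd", ".html", ".htm", ".css", ".js",
                      ".json", ".png", ".jpg", ".jpeg", ".gif", ".svg",
                      ".mp3", ".mp4", ".pdf", ".txt"}

def validate_scorm_upload(filename: str, data: bytes) -> list[str]:
    """Return rejection reasons; an empty list means the package passed."""
    # The uploaded file itself must end in .zip, so course.php and
    # course.zip.php are refused before the content is even opened.
    if PurePosixPath(filename.replace("\\", "/")).suffix.lower() != ".zip":
        return ["upload is not a .zip file"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["content is not a valid ZIP archive"]
    problems = []
    names = [i.filename for i in archive.infolist() if not i.is_dir()]
    if "imsmanifest.xml" not in names:
        problems.append("imsmanifest.xml missing from package root")
    for name in names:
        path = PurePosixPath(name.replace("\\", "/"))
        if path.is_absolute() or ".." in path.parts:
            problems.append(f"unsafe path: {name}")        # would escape the target dir
        elif path.suffix.lower() not in ALLOWED_MEMBER_EXT:
            problems.append(f"disallowed file type: {name}")  # e.g. .php, .phtml
    return problems

def _make_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a clean package and one carrying a server-side script.
GOOD = _make_zip({"imsmanifest.xml": b"<manifest/>", "content/index.html": b"<p>lesson</p>"})
BAD = _make_zip({"imsmanifest.xml": b"<manifest/>", "content/helper.php": b"placeholder"})

if __name__ == "__main__":
    for label, name, blob in [("clean", "course.zip", GOOD),
                              ("script member", "course.zip", BAD),
                              ("script upload", "course.php", GOOD)]:
        print(label, "->", validate_scorm_upload(name, blob) or "accepted")
```

Validation of this kind complements the access restriction; storing accepted packages under a server-generated name in a directory where the web server does not execute scripts limits the impact of anything the allowlist misses.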

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-15751

Affected Products

Sitos Six