Diy0829

**Name of the Vulnerable Software and Affected Versions** SiteServer CMS versions 6.9.0 through 6.11 **Description** A issue was discovered in SiteServer CMS that allows remote attackers to execute arbitrary code. This is possible because an administrator can add the permitted file extension `.aassp`, which is converted to `.asp` due to the deletion of the "as" substring. **Recommendations** For SiteServer CMS versions 6.9.0 through 6.11, update to version 6.12 or later to resolve the issue.