PT-2019-14368 · Sitos · Sitos Six
Published: 2019-10-07 · Updated: 2019-10-09 · CVE-2019-15748
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SITOS six Build version 6.2.1
Description
The issue allows unauthorized users to upload and import a SCORM 2004 package by directly accessing affected pages. An unauthenticated attacker could exploit the upload and import functionality to import a malicious SCORM package containing a PHP file, potentially executing arbitrary PHP code.
Recommendations
For SITOS six Build version 6.2.1, restrict access to the upload and import functionality to prevent unauthorized users from uploading malicious SCORM packages. As a temporary workaround, consider disabling the SCORM package upload feature until a patch is available.
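The check below is an added example, not SITOS code or a vendor fix: it gates a SCORM import on an authorization check first and then refuses archives that carry server-executable files. The `course_import` permission name, the session dictionary shape and the blocked-extension list are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions a PHP-enabled web server may pass to the interpreter.
BLOCKED_SUFFIXES = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}

def vet_scorm_upload(session, package_bytes):
    """Return (allowed, reasons) for one upload/import request."""
    # Access control comes first: the entry's root cause is that the upload
    # and import pages could be reached without authorization.
    # "course_import" is a hypothetical permission name.
    if not session or "course_import" not in session.get("permissions", ()):
        return False, ["caller is not authorized to import packages"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(package_bytes))
    except zipfile.BadZipFile:
        return False, ["not a ZIP archive"]
    reasons = []
    with archive:
        names = archive.namelist()
        # A SCORM content package keeps its manifest at the archive root.
        if "imsmanifest.xml" not in names:
            reasons.append("imsmanifest.xml missing from package root")
        for name in names:
            path = PurePosixPath(name.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                reasons.append(f"unsafe path: {name}")
            suffixes = {s.lower() for s in path.suffixes}
            # Any blocked suffix counts, so "x.php.jpg" is refused as well.
            if path.name.lower() == ".htaccess" or suffixes & BLOCKED_SUFFIXES:
                reasons.append(f"server-executable file: {name}")
    return not reasons, reasons

def build_package(files):
    """Build a constructed in-memory ZIP used only as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    editor = {"permissions": ["course_import"]}  # constructed session
    pkg = build_package({"imsmanifest.xml": "<manifest/>",
                         "content/helper.php": "placeholder"})
    print(vet_scorm_upload(None, pkg))    # anonymous caller
    print(vet_scorm_upload(editor, pkg))  # authorized caller, bad package
```
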
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Sitos Six