PT-2019-14929 · Footy Tipping · Footy Tipping Software AFL Web Edition
Published 2019-11-18 · Updated 2019-11-20
CVE-2019-17058
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Footy Tipping Software AFL Web Edition version 2019
Description
The issue allows arbitrary file upload and resultant remote code execution. The upload whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file. Exploitation therefore requires Administrator privileges (PR:H in the CVSS vector), but the resulting code execution extends beyond the application to the underlying server (S:C).
Recommendations
For Footy Tipping Software AFL Web Edition version 2019, no fixed version is known at the time of writing. Until a patch is available, restrict or disable the file upload functionality, including for Administrator accounts, since the whitelist itself cannot be relied on. As a temporary workaround, monitor the upload directory for suspicious files, especially crafted upload.dat files, and inspect new uploads by content rather than by name or extension. Because a compromised or malicious Administrator account is the route to code execution, keep the number of Administrator accounts to a minimum and audit their use. As a general hardening measure, where the deployment allows it, configure the web server so that nothing under the upload directory is served as executable content.
Weakness Enumeration
Unrestricted File Upload
Related Identifiers
CVE-2019-17058
Affected Products
Footy Tipping Software AFL Web Edition