CVE-2019-25480

Name of the Vulnerable Software and Affected Versions ARMBot (affected versions not specified)

Description The software contains an unrestricted file upload issue in the 'upload.php' component. Unauthenticated attackers can upload arbitrary files by manipulating the file parameter using path traversal sequences. Attackers can upload PHP files with path traversal payloads such as '../public html/' to write executable code to the web root, potentially leading to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.