Vulnerability Details CVE-2015-7904
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.8%
CVSS Severity
CVSS v2 Score 6.5
Products affected by CVE-2015-7904
-
cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0
-
cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5
-
cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0