The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.
CVSS Score
9.8
EPSS Score
0.056
Published
2019-07-11