CVE-2018-17139

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
References
Link Resource
https://www.exploit-db.com/exploits/45253/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ultimatefosters:ultimatepos:2.5:*:*:*:*:*:*:*

Information

Published : 2018-09-17 06:29

Updated : 2018-11-29 02:01


NVD link : CVE-2018-17139

Mitre link : CVE-2018-17139

Products Affected
No products.
CWE