Security Advisory

CVE-2019-11401

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-21 15:37:38

Last updated 2024-08-04 22:55:39

Assigner mitre

State PUBLISHED

Description

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

← Browse all CVEs View on cve.org ↗