CVE-2015-1604

Adminsystems CMS < 4.0.2 - Authenticated Arbitrary File Upload and Remote Code Execution via asys/site/files.php

Title source: llm
STIX 2.1

Description

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.

Scores

EPSS 0.0408
EPSS Percentile 89.5%

Details

CWE
CWE-20
Status published
Products (1)
adminsystems_cms_project/adminsystems_cms < 4.0.0
Published Feb 19, 2015
Tracked Since Feb 18, 2026