CVE-2015-7901

Infinite Automation Mango Automation <2.6.0-430 - Command Injection

Title source: llm

Description

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by James Fitts · rubyremotejsp

https://www.exploit-db.com/exploits/42698

View Code ZIP pw:eip

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View on exploitdb

References (2)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42698/

Scores

EPSS 0.0550

EPSS Percentile 90.1%

Classification

CWE

CWE-78

Status draft

Affected Products (3)

infinite_automation_systems/mango_automation

Timeline

Published Oct 28, 2015

Tracked Since Feb 18, 2026