Description
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
Exploits (1)
References (1)
Core 1
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Scores
EPSS
0.0649
EPSS Percentile
91.1%
Details
Status
published
Products (3)
infinite_automation_systems/mango_automation
2.5.0
infinite_automation_systems/mango_automation
2.5.5
infinite_automation_systems/mango_automation
2.6.0
Published
Oct 28, 2015
Tracked Since
Feb 18, 2026