Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-7904. PoCs published by LiquidWorm.
AI-analyzed exploit summary: The exploit demonstrates a CSRF-based file upload vulnerability in Mango Automation 2.6.0, allowing arbitrary JSP code execution by uploading a malicious JSP file. It also includes additional vulnerabilities like arbitrary command execution, debug log exposure, and SQL injection.
Description
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.