CVE-2015-7904 Information

Description

Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02