Arbitrary Code Execution Vulnerability in Ektron CMS 8.5 and 8.7

Arbitrary Code Execution Vulnerability in Ektron CMS 8.5 and 8.7

CVE-2015-0931 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue.

Learn more about our Cms Pen Testing.