Arbitrary File Upload Vulnerability in cckevincyh SSH CompanyWebsite

CVE-2018-14441 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type.

Learn more about our Web App Pen Testing.