Arbitrary File Upload and Remote Code Execution in Footy Tipping Software AFL Web Edition 2019

CVE-2019-17058 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file.
