Arbitrary File Upload and Remote Code Execution in Footy Tipping Software AFL Web Edition 2019
CVE-2019-17058 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file.
Learn more about our Web App Pen Testing.