Unrated severityNVD Advisory· Published Oct 28, 2015· Updated May 6, 2026
CVE-2015-7904
CVE-2015-7904
Description
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
Affected products
3cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- ics-cert.us-cert.gov/advisories/ICSA-15-300-02nvdPatchThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.