CVE-2018-17139
NONE EPSS 86.0%
Published Sep 17, 20187y ago · Modified Jun 17, 20262w ago
Published Sep 17, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
Threat Intelligence
EPSS Exploit Probability
86.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| ultimatefosters | ultimatepos | 2.5 | any |
References 1
- exploit-db.com https://www.exploit-db.com/exploits/45253/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.