Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| shift-tech | bingo!cms | * |