Full title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability 
Category: web applications
Platform: asp
The application doesn't sanitize file extension or content in the Logo
Editing module. The vulnerability allows a remote attacker to upload files
via POST method with multiple extensions and access them remotely.

# 0day.today @ http://0day.today/