Full title: AdaptCMS 3.0.3 XSS / Remote Code Execute Vulnerabilities 
Category: web applications
Platform: php
AdaptCMS version 3.0.3 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due to the improper verification of uploaded files. This can be exploited to execute arbitrary PHP code by creating or uploading a malicious PHP script file that will be stored in '\app\webroot\uploads' directory and multiple persistent cross site scripting vulnerabilities.

# 0day.today @ http://0day.today/