{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T00:37:54.965","vulnerabilities":[{"cve":{"id":"CVE-2015-7904","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2015-10-28T10:59:24.767","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file."},{"lang":"es","value":"Vulnerabilidad de carga de archivos sin restricciones en Infinite Automation Mango Automation 2.5.x y 2.6.x en versiones anteriores a 2.6.0 build 430 permite a usuarios remotos autenticados ejecutar código JSP arbitrario a través de vectores que implican una carga de un archivo de imagen."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"A063CF76-AB38-427E-9FB7-BF8CCC7FECF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*","matchCriteriaId":"763D5AAE-CCFE-4BA8-B3CD-0110E8ECDFB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6A87E664-6033-47BD-B182-A89245435417"}]}]}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/434.html\">CWE-434: Unrestricted Upload of File with Dangerous Type</a>"}}]}