Arbitrary Code Execution Vulnerability in Accela Civic Platform Citizen Access Portal

Arbitrary Code Execution Vulnerability in Accela Civic Platform Citizen Access Portal

CVE-2016-5661 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.

Learn more about our User Device Pen Test.