osCMax Arbitrary File Upload and Full Path Information Disclosure Vulnerabilities

osCMax Arbitrary File Upload and Full Path Information Disclosure Vulnerabilities

osCMax is prone to an arbitrary file-upload vulnerability and an information-disclosure vulnerability .

Attackers can exploit these issues to obtain sensitive information and upload arbitrary files. This may aid in other attacks.

osCMax 2.5.3 is vulnerable; other versions may also be affected.