Posted by RedTeam Pentesting GmbH on May 31

Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
may Lead to Remote Command Execution

A vulnerability within the Relay Ajax Directory Manager web application
allows unauthenticated attackers to upload arbitrary files to the web
server running the web application.

Details
=======

Product: Relay Ajax Directory Manager
Affected Versions: relayb01-071706, 1.5.1, 1.5.3 were tested, other
versions…