Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
[
{
"vendor": "Shift Tech Inc.",
"product": "bingo!CMS",
"versions": [
{
"version": "version1.7.4.1 and earlier",
"status": "affected"
}
]
}
]