CVE-2019-7669

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt