HiScout GRC Suite versions prior to 315 suffer from a file upload vulnerability An authenticated attacker with the permission to edit or add a "WebSiteElement" to the "content" pages is able to upload any file with any file extension to the data directory of the application This directory is in the web root and the uploaded file is executed on ...