Avaya IP Office Customer Call Reporter ImageUpload Exploit

The specific flaw exists because Avaya IP Office Customer Call Reporter allows to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are saved has no scripting restrictions.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2012-3811
Product Version: 
12.5
Released Date: 
Monday, November 19, 2012 - 00:00