exploitDog

GHSA-g763-4gcm-875f

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

Ссылки

EPSS

Процентиль: 99%

0.76861

Высокий

CVE ID

Связанные уязвимости

CVE-2015-2994

nvd

больше 10 лет назад

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

EPSS

Процентиль: 99%

0.76861

Высокий

CVE ID