Описание
Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data.
Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data.
Связанные уязвимости
CVSS3: 9.8
nvd
почти 6 лет назад
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.