exploitDog

CVE-2011-5292

Опубликовано: 01 янв. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

Ссылки

https://www.htbridge.com/advisory/HTB23015
Exploit
https://www.htbridge.com/advisory/HTB23015
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easewe_software:easewe_ftp_ocx_activex_control:4.5.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00648

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-5726-3m5v-m8q4

github

больше 3 лет назад

The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in the first argument to the (1) Execute or (2) Run method, (3) write to arbitrary files via a pathname in the argument to the CreateLocalFile method, (4) create arbitrary directories via a pathname in the argument to the CreateLocalFolder method, or (5) delete arbitrary files via a pathname in the argument to the DeleteLocalFile method.

EPSS

Процентиль: 70%

0.00648

Низкий

7.5 High

CVSS2

Дефекты

CWE-264