Описание
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до adm_3.1.0.rfq3 (включая)
Одновременно
cpe:2.3:o:asustor:as6202t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:asustor:as6202t:-:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00718
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
EPSS
Процентиль: 72%
0.00718
Низкий
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434