Описание
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jenzabar:internet_campus_solution:9:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.1.4 (исключая)
cpe:2.3:a:tiny:moxiemanager:*:*:*:*:*:.net:*:*
EPSS
Процентиль: 71%
0.00691
Низкий
7.5 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
EPSS
Процентиль: 71%
0.00691
Низкий
7.5 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-434