Описание
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1.1.50 (исключая)
cpe:2.3:a:ahsay:cloud_backup_suite:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00451
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
EPSS
Процентиль: 63%
0.00451
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-611