Описание
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.7.0.0 (включая) до 8.1.1.50 (исключая)
cpe:2.3:a:ahsay:cloud_backup_suite:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.64364
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
EPSS
Процентиль: 98%
0.64364
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434