Description
A remote code execution (RCE) vulnerability exists in Raysync versions below 3.3.3.8. An unauthenticated, unauthorized attacker can send a specially crafted request to overwrite a specific file on the server with malicious content, log in as "admin", and then modify a specific shell file to achieve remote code execution on the hosting server.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before 3.3.3.8 (exclusive)
cpe:2.3:a:raysync:raysync:*:*:*:*:*:*:*:*
EPSS
Percentile: 90%
0.05529
Low
8.8 High
CVSS3
9.3 Critical
CVSS2
Weaknesses
CWE-22
Related vulnerabilities
github
more than 3 years ago