Description
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php (action logFilePath) allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:vembu:bdr_suite:*:*:*:*:*:*:*:* (versions before 4.2.0.1, excluding)
cpe:2.3:a:vembu:offsite_dr:*:*:*:*:*:*:*:* (versions before 4.2.0.1, excluding)
EPSS
Percentile: 73%
0.00743
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Vembu BDR Suite before 4.2.0 allows Unauthenticated file write via a GET request that specifies a file's name and content.