exploitDog

CVE-2021-39392

Опубликовано: 15 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.

Ссылки

http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip
Broken Link
https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281
Third Party Advisory
http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip
Broken Link
https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mylittletools:mylittlebackup:*:*:*:*:*:*:*:*

Версия до 1.7 (включая)

EPSS

Процентиль: 88%

0.03675

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-r69j-r7vf-pfx7

github

больше 3 лет назад

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.

EPSS

Процентиль: 88%

0.03675

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502