Description
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
References
- Broken Link
- Patch, Third Party Advisory
- Product
- Broken Link
- Patch, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:sysaid:sysaid:20.4.74:b10:*:*:*:*:*:*
EPSS: 0.00227 (Low), percentile: 45%
CVSS3: 6.5 Medium
CVSS2: 6.8 Medium
Weaknesses
NVD-CWE-Other
Related vulnerabilities
GitHub
about 4 years ago
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
EPSS: 0.00227 (Low), percentile: 45%
CVSS3: 6.5 Medium
CVSS2: 6.8 Medium
Weaknesses
NVD-CWE-Other