Описание
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side.
EPSS
Процентиль: 29%
0.00103
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 5.3
github
5 месяцев назад
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side.
EPSS
Процентиль: 29%
0.00103
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-306