Description
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 6.5.8-1 |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | ignored | end of life, was needs-triage |
| noble | needs-triage | |
| oracular | not-affected | 6.5.8-1 |
| plucky | not-affected | 6.5.8-1 |
| questing | not-affected | 6.5.8-1 |
CVSS3: 9.8 Critical