KBVault · KBVault MySQL Free Knowledge Base · CVE-2017-9602
**Name of the Vulnerable Software and Affected Versions**
KBVault MySQL Free Knowledge Base application package version 0.16a
**Description**
The issue allows an unauthenticated user to access file upload and deletion functionality through the FileExplorer/Explorer.aspx component. This can be exploited to upload an ASPX script to the Uploads/Documents/ directory, enabling the execution of arbitrary code.
**Recommendations**
For version 0.16a, restrict access to the FileExplorer/Explorer.aspx?id= component to prevent unauthenticated users from uploading or deleting files, and avoid using the file upload functionality until a fix is available.
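
To check whether an exposed instance has already been touched, the added example below (not part of the original advisory or of KBVault) scans IIS W3C logs for unauthenticated requests served by FileExplorer/Explorer.aspx and for ASPX files served from Uploads/Documents/. It assumes the log records `cs-username` as `-` for unauthenticated requests; the sample log lines, addresses and file names are constructed.

```python
"""Flag IIS W3C log entries consistent with the issue described above."""

EXPLORER = "/fileexplorer/explorer.aspx"   # component named in the advisory
UPLOAD_DIR = "/uploads/documents/"         # upload directory named in the advisory

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2017-06-01 10:00:01 GET /FileExplorer/Explorer.aspx id=5 editor1 198.51.100.7 200
2017-06-01 10:02:13 POST /FileExplorer/Explorer.aspx id=5 - 203.0.113.9 200
2017-06-01 10:02:20 GET /Uploads/Documents/notes.aspx - - 203.0.113.9 200
2017-06-01 10:03:00 GET /Uploads/Documents/manual.pdf - - 198.51.100.7 200
2017-06-01 10:04:00 GET /FileExplorer/Explorer.aspx id=5 - 203.0.113.9 302
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def classify(entry):
    """Return a finding label for a suspicious entry, else None."""
    path = entry["cs-uri-stem"].lower()
    anonymous = entry["cs-username"] == "-"   # assumption: "-" means no login
    served = entry["sc-status"].startswith("2")
    if path == EXPLORER and anonymous and served:
        return "anonymous-explorer-access"
    if path.startswith(UPLOAD_DIR) and path.endswith(".aspx") and served:
        return "aspx-served-from-uploads"
    return None

def findings(text):
    """Return (client IP, method, path, label) for every flagged request."""
    return [(e["c-ip"], e["cs-method"], e["cs-uri-stem"], label)
            for e in parse_w3c(text) if (label := classify(e))]

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(*finding)
```

Once access to the component is restricted, anonymous requests to it should stop returning 2xx responses (the 302 row in the sample stands for a redirect to a login page), so any remaining `anonymous-explorer-access` hit means the restriction is not in effect.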