PT-2017-19062 · Kbvault · Kbvault Mysql Free Knowledge Base

Fatih Emiral · Published 2017-06-16 · Updated 2020-01-24 · CVE-2017-9602

CVSS v3.1

9.8

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

KBVault Mysql Free Knowledge Base application package version 0.16a

Description

The issue allows an unauthenticated user to access file upload and deletion functionality through the FileExplorer/Explorer.aspx component. This can be exploited to upload an ASPX script to the Uploads/Documents/ directory, enabling the execution of arbitrary code.

Recommendations

For version 0.16a, restrict access to the FileExplorer/Explorer.aspx?id= component to prevent unauthenticated users from uploading or deleting files, and avoid using the file upload functionality until a fix is available.
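
To check whether the restriction recommended above is holding, the following added example (not part of the original advisory or of KBVault) scans IIS W3C logs for anonymous requests to FileExplorer/Explorer.aspx and for script files requested from Uploads/Documents/. The log lines are constructed, and it is an assumption that the cs-username field is "-" for users who are not logged in to the application; the script extension list is also illustrative.

```python
import re

# Constructed IIS W3C log lines (not from a real server); field order comes from #Fields.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2017-06-20 10:01:02 GET /FileExplorer/Explorer.aspx id=5 editor1 192.0.2.10 200
2017-06-20 10:05:40 POST /FileExplorer/Explorer.aspx id=5 - 198.51.100.7 200
2017-06-20 10:05:55 GET /Uploads/Documents/report.pdf - - 198.51.100.7 200
2017-06-20 10:06:01 GET /Uploads/Documents/page.aspx - - 198.51.100.7 200
2017-06-20 10:07:30 GET /Default.aspx - - 203.0.113.4 200
"""

EXPLORER = "/fileexplorer/explorer.aspx"   # component named in the advisory
UPLOAD_DIR = "/uploads/documents/"         # upload directory named in the advisory
SCRIPT_EXT = re.compile(r"\.(aspx|ashx|asmx|asp|cshtml)$")  # illustrative list

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def findings(log_text):
    """Return (reason, client_ip, path) tuples for requests worth reviewing."""
    out = []
    for r in parse(log_text):
        path = r["cs-uri-stem"].lower()      # IIS paths are case-insensitive
        # Assumption: cs-username is "-" when no application login is present.
        if path == EXPLORER and r["cs-username"] == "-":
            out.append(("anonymous-file-explorer", r["c-ip"], r["cs-uri-stem"]))
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            out.append(("script-in-upload-dir", r["c-ip"], r["cs-uri-stem"]))
    return out

if __name__ == "__main__":
    for reason, ip, path in findings(SAMPLE_LOG):
        print(reason, ip, path)
```

Any hit with a 200 status after the restriction is in place means the component or the upload directory is still reachable and should be reviewed.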

Exploit

Fix

Incorrect Permission


Weakness Enumeration

Related identifiers

CVE-2017-9602

Affected products

Kbvault Mysql Free Knowledge Base