PT-2018-10498 · Asustor · Asustor As6202T Adm
Publicado
2018-05-22
·
Atualizado
2019-03-21
·
CVE-2018-11340
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ASUSTOR AS6202T ADM version 3.1.0.RFQ3
Description
The issue allows attackers to upload supplied data to a specified filename due to an unrestricted file upload vulnerability in importuser.cgi. This can be used to place attacker-controlled code on the file system that is then executed.
Recommendations
For ASUSTOR AS6202T ADM version 3.1.0.RFQ3, consider restricting access to the importuser.cgi script until a patch is available to prevent attackers from uploading malicious files.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asustor As6202T Adm