CVE-2019-10012

Name of the Vulnerable Software and Affected Versions: Jenzabar JICS (aka Internet Campus Solution) versions prior to 9

Description: The issue allows remote attackers to upload and execute arbitrary .aspx code. This is achieved by placing the code in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICSICS.NETICSFileServer.

Recommendations: For versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to the MoxieManager plugin or removing it until a patch is applied. Avoid using the moxiemanager directory for uploading ZIP archives until the issue is resolved.