PT-2019-11672 · Ahsay · Ahsay Cloud Backup Suite

Publicado

2019-07-26

Atualizado

2019-07-31

CVE-2019-10267

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ahsay Cloud Backup Suite version 8.1.0.50

Description An issue was discovered that allows for insecure file upload and code execution. It is possible to upload a file into any directory of the server, including inserting a JSP shell into the web server's directory and executing it, leading to full access to the system as the configured user.

Recommendations For Ahsay Cloud Backup Suite version 8.1.0.50, consider restricting file upload capabilities to prevent malicious file uploads until a patch is available. As a temporary workaround, restrict access to sensitive directories on the server to minimize the risk of exploitation.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2019-10267

Produtos afetados

Ahsay Cloud Backup Suite

PT-2019-11672 · Ahsay · Ahsay Cloud Backup Suite

CVE-2019-10267

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8