PT-2019-12286 · Siteserver · Siteserver Cms

Diy0829 · Published 2019-04-21 · Updated 2022-05-24 · CVE-2019-11401

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SiteServer CMS versions 6.9.0 through 6.11

Description

An issue was discovered in SiteServer CMS that allows remote attackers to execute arbitrary code. This is possible because an administrator can add the permitted file extension .aassp, which is converted to .asp due to the deletion of the "as" substring.

Recommendations

For SiteServer CMS versions 6.9.0 through 6.11, update to version 6.12 or later to resolve the issue.
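
The failure mode in the description, shown as an added example that is not SiteServer CMS code: it assumes the filter is a single-pass deletion of "as" applied after the extension check. All names here (`FlawedStoredName`, `TryGetStoredName`, `NeverAllowed`, the sample file names) are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

static class UploadNameCheck
{
    // Assumed model of the flaw: the extension is checked against the
    // admin-configured list first, then "as" is deleted in a single pass,
    // so the name that is stored is not the name that was checked.
    static string FlawedStoredName(string fileName, ISet<string> allowed)
    {
        string ext = Path.GetExtension(fileName).ToLowerInvariant();
        if (!allowed.Contains(ext))
            throw new InvalidOperationException("extension not permitted");
        return Path.GetFileNameWithoutExtension(fileName) + ext.Replace("as", "");
    }

    // Illustrative deny list of server-handled types; refused even if an
    // administrator adds them to the permitted list.
    static readonly HashSet<string> NeverAllowed = new HashSet<string>
        { ".asp", ".aspx", ".ashx", ".asmx", ".cshtml", ".config" };

    // Hardened form: never rewrite the name. Reject on any mismatch and
    // store under a server-generated name with the validated extension.
    static bool TryGetStoredName(string fileName, ISet<string> allowed, out string stored)
    {
        stored = null;
        string ext = Path.GetExtension(fileName).ToLowerInvariant();
        if (ext.Length == 0 || NeverAllowed.Contains(ext) || !allowed.Contains(ext))
            return false;
        stored = Guid.NewGuid().ToString("N") + ext;
        return true;
    }

    static void Main()
    {
        // Constructed configuration: an administrator has added ".aassp".
        var allowed = new HashSet<string> { ".jpg", ".aassp" };

        Console.WriteLine(FlawedStoredName("report.aassp", allowed));

        foreach (string name in new[] { "photo.jpg", "report.aassp", "report.asp" })
        {
            bool ok = TryGetStoredName(name, allowed, out string stored);
            Console.WriteLine($"{name}: {(ok ? "stored as " + stored : "rejected")}");
        }
    }
}
```

The flawed path validates `.aassp` but writes a file ending in `.asp`; the hardened path keeps the validated extension unchanged, so what was checked is what is stored.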

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2019-11401
GHSA-FF4W-8CHR-W2X9

Affected products

Siteserver Cms