PT-2019-13729 · Emca · Emca Energy Logserver

Maciej Domanski · Published 2019-08-05 · Updated 2019-08-13 · CVE-2019-14521

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: EMCA Energy Logserver version 6.1.2

Description: The issue concerns the api/admin/logoupload Logo File upload feature, which allows attackers to upload files to any location on the server. This is achieved through path traversal in the filename parameter.

Recommendations: For EMCA Energy Logserver version 6.1.2, consider restricting access to the api/admin/logoupload endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the filename parameter in the affected API endpoint until the issue is resolved.
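
A server-side check that closes this class of upload bug, as an added example (not Energy Logserver code and not part of the advisory): it refuses any directory component in the client-supplied filename and verifies that the resolved destination stays inside the logo directory. The function names, the allowed extensions, the example directory and the sample filenames are assumptions made for illustration.

```python
import os
import re

# Assumed policy for this example: logos are plain image files with simple names.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename is rejected."""


def resolve_upload_path(upload_dir, client_filename):
    """Return an absolute path inside upload_dir or raise UnsafeFilename."""
    # Treat both separators as path separators, whatever the server OS is.
    name = client_filename.replace("\\", "/")
    if "/" in name or "\x00" in name:
        raise UnsafeFilename("directory components are not allowed")
    if not SAFE_NAME.fullmatch(name):
        raise UnsafeFilename("unexpected characters in filename")
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise UnsafeFilename("extension not allowed for a logo")
    base = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(base, name))
    # Containment check on the resolved path: also catches a symlink in upload_dir.
    if os.path.commonpath([base, dest]) != base:
        raise UnsafeFilename("destination escapes the upload directory")
    return dest


def save_logo(upload_dir, client_filename, data):
    dest = resolve_upload_path(upload_dir, client_filename)
    # O_EXCL refuses to overwrite an existing file; O_NOFOLLOW refuses a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dest, flags, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


# Constructed sample filenames (not from the advisory); only the first is accepted.
SAMPLES = ["logo.png", "../../outside.png", "..\\..\\outside.png",
           "/tmp/outside.png", "logo.png\x00.sh", "notes.txt", ".."]

if __name__ == "__main__":
    for s in SAMPLES:
        try:
            print(repr(s), "->", resolve_upload_path("/srv/example/logos", s))
        except UnsafeFilename as exc:
            print(repr(s), "rejected:", exc)
```
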

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2019-14521

Affected products

Emca Energy Logserver