PT-2019-16809 · Wallace · Wallacepos
Publicado
2019-07-31
·
Atualizado
2019-08-06
·
CVE-2019-3960
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WallacePOS version 1.4.3
Description
The issue allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file due to the unrestricted upload of files with dangerous types.
Recommendations
For WallacePOS version 1.4.3, consider restricting file uploads to only allow safe file types and implement proper validation and sanitization of uploaded files to prevent the execution of arbitrary code.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wallacepos