PT-2023-26217 · Gen Technology · Gen Technology Four Mountain Torrent Disaster Prevention/Control Of Monitoring/Early Warning System
Segon
·
Publicado
2023-07-20
·
Atualizado
2024-05-17
·
CVE-2023-3797
CVSS v2.0
5.2
Média
| Vetor | AV:A/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712
Description
A critical issue was found in the system, affecting the /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx file. The manipulation of the
Filedata argument leads to unrestricted upload. The issue has been publicly disclosed and may be exploited.Recommendations
For Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712, as a temporary workaround, consider restricting access to the
/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx endpoint to minimize the risk of exploitation. Avoid using the Filedata argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gen Technology Four Mountain Torrent Disaster Prevention/Control Of Monitoring/Early Warning System