PT-2023-26945 · Unknown · Irm Next Generation Booking System+1

Adrian Schipor

Publicado

2023-09-07

Atualizado

2023-09-12

CVE-2023-39424

CVSS v3.1

9.9

Crítica

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IRM Next Generation booking system (affected versions not specified)

Description A vulnerability in RDPngFileUpload.dll allows a remote attacker to upload arbitrary content, such as a web shell component, to the SQL database and execute it with SYSTEM privileges. This issue requires authentication to be exploited but can be combined with another vulnerability to bypass the need for assigned credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-434

Identificadores relacionados

CVE-2023-39424

Produtos afetados

Irm Next Generation Booking System

Rdpngfileupload.Dll

PT-2023-26945 · Unknown · Irm Next Generation Booking System+1

CVE-2023-39424

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8