Unknown · BC Security Empire · CVE-2024-6127
Name of the Vulnerable Software and Affected Versions:
BC Security Empire versions prior to 5.9.3
Description:
A remote, unauthenticated attacker can exploit a path traversal flaw over HTTP, potentially leading to remote code execution. The attacker does this by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.
Recommendations:
For versions prior to 5.9.3, update to version 5.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to upload functionality to minimize the risk of exploitation.
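
The following is an added example, not Empire's code and not its actual fix: a containment check of the kind that addresses the path traversal class described above, where a server writes an upload to a path named by the agent. The function, class and sample names are hypothetical, and the sample inputs are constructed.

```python
import tempfile
from pathlib import Path, PureWindowsPath


class UnsafePathError(ValueError):
    """An agent-supplied path would resolve outside the download directory."""


def resolve_agent_upload(base_dir, agent_path):
    """Map an agent-supplied file name to a path confined to base_dir.

    Hypothetical helper for illustration; not Empire's own code.
    """
    base = Path(base_dir).resolve()
    # Agents may run on Windows, so split on both "/" and "\\".
    rel = PureWindowsPath(agent_path)
    if "\x00" in agent_path or not rel.parts:
        raise UnsafePathError(f"empty or malformed path: {agent_path!r}")
    # Refuse drive letters, UNC prefixes, leading roots and parent references
    # outright instead of trying to "clean" them.
    if rel.anchor or ".." in rel.parts:
        raise UnsafePathError(f"absolute or traversing path: {agent_path!r}")
    # Resolve symlinks, then compare path components (not string prefixes,
    # which would accept /srv/downloads_evil for a base of /srv/downloads).
    candidate = base.joinpath(*rel.parts).resolve()
    if base not in candidate.parents:
        raise UnsafePathError(f"escapes {base}: {agent_path!r}")
    return candidate


def classify(base_dir, names):
    """Return {name: True if accepted, False if rejected} for each name."""
    verdicts = {}
    for name in names:
        try:
            resolve_agent_upload(base_dir, name)
            verdicts[name] = True
        except UnsafePathError:
            verdicts[name] = False
    return verdicts


# Constructed sample inputs, not taken from real traffic.
SAMPLES = ["loot/hosts.txt", "Users\\bob\\notes.txt", "../../outside.txt",
           "..\\..\\outside.txt", "/abs/outside.txt", "C:\\abs\\outside.txt", ""]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, ok in classify(tmp, SAMPLES).items():
            print(f"{'accept' if ok else 'reject'}  {name!r}")
```

The check runs on the final resolved path, so a symlink inside the download directory that points elsewhere is rejected as well.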