PT-2017-19062 · Kbvault · Kbvault Mysql Free Knowledge Base

Fatih Emiral · Published 2017-06-16 · Updated 2020-01-24 · CVE-2017-9602

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: KBVault Mysql Free Knowledge Base application package version 0.16a

Description: The issue allows an unauthenticated user to reach the file upload and deletion functionality of the FileExplorer/Explorer.aspx component. This can be exploited to upload an ASPX script to the Uploads/Documents/ directory, enabling the execution of arbitrary code on the server.

Recommendations: For version 0.16a, restrict access to the FileExplorer/Explorer.aspx?id= component so that unauthenticated users cannot upload or delete files, and avoid using the file upload functionality until a fix is available.
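One way to apply the recommendation on an ASP.NET/IIS deployment is through web.config. The fragment below is an added example written for this page; it is not code from the advisory or from the KBVault project. It assumes the two paths are relative to the application root and that the component names match those given in the advisory. The first location block denies anonymous requests to the explorer page; the second is a defence-in-depth setting that makes IIS serve the upload directory as static content only, so an uploaded .aspx file would not be executed even if the access control were bypassed.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example for the advisory above; not part of the KBVault project.
     Assumptions: paths are relative to the application root and the
     application uses ASP.NET authentication, so URL authorization applies. -->
<configuration>

  <!-- 1. Require an authenticated user for the file explorer component.
          deny users="?" refuses anonymous callers; allow users="*" admits any
          authenticated user. If the application defines an administrator role,
          narrow this further with allow roles="..." instead of users="*". -->
  <location path="FileExplorer/Explorer.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- 2. Defence in depth for the upload directory: accessPolicy="Read"
          strips Script and Execute rights from the handlers under this path,
          so IIS returns files here as plain content instead of running them. -->
  <location path="Uploads/Documents">
    <system.webServer>
      <handlers accessPolicy="Read" />
    </system.webServer>
  </location>

</configuration>
```

After deploying, confirm the first rule by requesting FileExplorer/Explorer.aspx without a session: the response should be a redirect to the login page (forms authentication) or 401 (Windows authentication) rather than the explorer UI. Note that URL authorization only protects requests routed through ASP.NET; any other entry point to the same upload logic still needs its own check in application code.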

Exploit

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

CVE-2017-9602

Affected Products

Kbvault Mysql Free Knowledge Base