PT-2019-11672 · Ahsay · Ahsay Cloud Backup Suite

Published

2019-07-26

Updated

2019-07-31

CVE-2019-10267

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ahsay Cloud Backup Suite version 8.1.0.50

Description An issue was discovered that allows for insecure file upload and code execution. It is possible to upload a file into any directory of the server, including inserting a JSP shell into the web server's directory and executing it, leading to full access to the system as the configured user.

Recommendations For Ahsay Cloud Backup Suite version 8.1.0.50, consider restricting file upload capabilities to prevent malicious file uploads until a patch is available. As a temporary workaround, restrict access to sensitive directories on the server to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-10267

Affected Products

Ahsay Cloud Backup Suite

PT-2019-11672 · Ahsay · Ahsay Cloud Backup Suite

CVE-2019-10267

Weakness Enumeration

Related Identifiers

Affected Products

References · 8