PT-2023-26217 · Gen Technology · Gen Technology Four Mountain Torrent Disaster Prevention/Control Of Monitoring/Early Warning System
Segon
·
Published
2023-07-20
·
Updated
2024-05-17
·
CVE-2023-3797
CVSS v2.0
5.2
Medium
| Vector | AV:A/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712
Description
A critical issue was found in the system, affecting the /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx file. The manipulation of the
Filedata argument leads to unrestricted upload. The issue has been publicly disclosed and may be exploited.Recommendations
For Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712, as a temporary workaround, consider restricting access to the
/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx endpoint to minimize the risk of exploitation. Avoid using the Filedata argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gen Technology Four Mountain Torrent Disaster Prevention/Control Of Monitoring/Early Warning System