RSS   Podatności dla 'Free knowledge base'   RSS

2017-06-16
 
CVE-2017-9602

CWE-732
 

 
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.

 


Copyright 2024, cxsecurity.com

 

Back to Top