Vulnerability CVE-2019-10012


Published: 2019-03-25   Modified: 2019-03-26

Description:
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6/10
6.4/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
TINY -> Moxiemanager 
Jenzabar -> Internet campus solution 

 References:
https://medium.com/@mdavis332/critical-vulnerability-in-higher-ed-erp-55580f8880c
https://www.sjoerdlangkemper.nl/2016/09/15/uploading-webshells-with-moxiemanager/

Copyright 2022, cxsecurity.com

 

Back to Top