CVE-2017-9602 – KBVault MySQL 0.16a - Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2017-9602

16 Jun 2017 — KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. El paquete de la aplicación KBVault Mysql Free Knowledge 0.16a viene con un componente de manipulación de archivos FileExplorer/Explorer.aspx? • https://packetstorm.news/files/id/142982 • CWE-732: Incorrect Permission Assignment for Critical Resource •