Page 2 of 11 results (0.447 seconds)
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 3
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 3CVE-2017-17560 – Western Digital MyCloud - 'multi_uploadify' File Upload
https://notcve.org/view.php?id=CVE-2017-17560
12 Dec 2017 — An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. Se ha descubierto un error en los dispositivos Western Digital MyCloud PR4100 2.30.172. E... • https://packetstorm.news/files/id/145447 • CWE-287: Improper Authentication •