1 results (0.000 seconds)
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-9602 – KBVault MySQL 0.16a - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2017-9602
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. El paquete de la aplicación KBVault Mysql Free Knowledge 0.16a viene con un componente de manipulación de archivos FileExplorer/Explorer.aspx? • https://www.exploit-db.com/exploits/42184 • CWE-732: Incorrect Permission Assignment for Critical Resource •