CVE-2015-2994
SysAid Help Desk 14.4 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
Vulnerabilidad de la subida de ficheros sin restricciones en ChangePhoto.jsp en SysAid Help Desk anterior a 15.2 permite a administradores remotos ejecutar código arbitrario mediante la subida de un fichero con una extensión .jsp, y posteriormente accediendo a ello a través de una solicitud directa al fichero en icons/user_photo/.
SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-07 CVE Reserved
- 2015-06-03 CVE Published
- 2015-06-03 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/535679/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/75038 | Vdb Entry | |
| https://seclists.org/fulldisclosure/2015/Jun/8 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk | 2018-10-09 |