CVE-2015-7838
Solarwinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Storage Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within ProcessFileUpload.jsp within the handling of file uploads. The issue lies in the failure to sanitize the files uploaded, allowing them to be placed within directories accessible through the service. An attacker can leverage this vulnerability to execute code as SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-07 CVE Published
- 2015-10-15 CVE Reserved
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-15-460 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
http://www.solarwinds.com/documentation/srm/docs/releasenotes/releasenotes.htm | 2015-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Solarwinds | Storage Manager | <= 6.1 | - | Affected |