CVE-2017-9602
KBVault MySQL 0.16a - Arbitrary File Upload
Public Exploits: 1
Exploited in Wild: -
Descriptions
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access its file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ and run arbitrary code.
KBVault MySQL version 0.16a suffers from a remote arbitrary file upload vulnerability.
SSVC
- Decision: -
Timeline
- 2017-06-12 CVE Reserved
- 2017-06-16 CVE Published
- 2024-02-27 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (1)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/42184 | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kbvault Mysql Project | Kbvault Mysql | 0.16a | - | Affected |