An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-26T20:53:37
Updated: 2024-08-04T22:17:19.674Z
Reserved: 2019-03-28T00:00:00
Link: CVE-2019-10267
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-07-26T21:15:11.640
Modified: 2019-07-31T12:46:41.480
Link: CVE-2019-10267
Redhat
No data.