In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-08T18:38:48.809397Z

Updated: 2024-09-16T22:31:08.161Z

Reserved: 2021-02-01T00:00:00

Link: CVE-2021-26473

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-08T19:15:08.290

Modified: 2024-11-21T05:56:25.183

Link: CVE-2021-26473

cve-icon Redhat

No data.