An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-07T20:58:14
Updated: 2024-08-04T04:10:17.164Z
Reserved: 2021-11-17T00:00:00
Link: CVE-2021-43970
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-10T17:44:11.860
Modified: 2022-03-15T13:59:46.457
Link: CVE-2021-43970
Redhat
No data.