This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager.…
zdi·CWE-22·Published 2018-01-23
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.
Esta vulnerabilidad permite que atacantes remotos ejecuten código arbitrario en instalaciones vulnerables de Netgain Enterprise Manager. No se requiere autenticación para explotar esta vulnerabilidad. Este error en concreto existe en upload_save_do.jsp. El problema deriva de la falta de validación correcta de una ruta proporcionada por el usuario antes de emplearla en operaciones de archivo. Un atacante podría aprovecharse de esta vulnerabilidad para ejecutar código en el contexto del actual usuario. Anteriormente era ZDI-CAN-4751.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.5 | 10.0 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |