An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HXorux Lpar2rrd
APPXorux≤ 8.04
Powiązane podatności
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell ...
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sa...
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext informa...