CRITICAL🇵🇱 Wersja polska

CVE-2017-16610

CVSS 9.8v3.0pub. 2018-01-23upd. 2024-11-21

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgain Systems Enterprise Manager

    APP
    Netgain-Systems
    < 7.2.766
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2017-17406CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-17407CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Sy...

CVE-2017-16608CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-16597CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Sy...

CVE-2018-10587HIGH7.2ten sam produkt

NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57...