메뉴 건너뛰기

GREATUSER

cve

CVE-2017-16594

관리자 2018.01.25 04:00 조회 수 : 126

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117.


원문출처 : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16594
번호 제목 글쓴이 날짜 조회 수
527 CVE-2017-6552 관리자 2017.03.10 2
526 CVE-2017-6555 (cms_made_simple) 관리자 2017.03.10 4
525 CVE-2017-6556 관리자 2017.03.10 1
524 CVE-2017-6558 관리자 2017.03.10 3
523 CVE-2017-6559 관리자 2017.03.10 1
522 CVE-2017-6561 (agora-project) 관리자 2017.03.10 5
521 CVE-2017-6562 관리자 2017.03.10 2
520 CVE-2017-6560 관리자 2017.03.10 1
519 CVE-2017-6547 관리자 2017.03.10 6
518 CVE-2017-6570 관리자 2017.03.10 7
517 CVE-2017-6575 관리자 2017.03.10 1
516 CVE-2017-6572 (mail-masta) 관리자 2017.03.10 1
515 CVE-2017-6576 (mail-masta) 관리자 2017.03.10 1
514 CVE-2017-6574 관리자 2017.03.10 1
513 CVE-2017-6577 관리자 2017.03.10 1
위로