CVE-2018-19586

CVE-2018-19586

Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.

Source: CVE-2018-19586

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다