CVE-2021-27197

CVE-2021-27197

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn’t check if it’s being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language=’vbscript’>") to overwrite arbitrary files.

Source: CVE-2021-27197

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다