Lucene search
K

CVE-2021-30118

🗓️ 09 Jul 2021 13:19:42Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 227 Views🌐 WEB

An unauthenticated arbitrary file upload vulnerability in Kaseya VSA Unified RMM 9.5.4.2149 allows remote attackers to execute arbitrary code by uploading malicious files via /SystemTab/uploader.aspx

Related
Detection
Refs
Paths
Social
NVD
Node
kaseyavsaRange<9.5.5-
ParameterPositionPathDescriptionCWE
qqfilerequest body/SystemTab/uploader.aspxUnauthenticated arbitrary file upload via /SystemTab/uploader.aspx allowing attacker to place ASPX payloads on the webroot and execute them.CWE-434
Filenamerequest body/SystemTab/uploader.aspxUnauthenticated arbitrary file upload via /SystemTab/uploader.aspx allowing attacker to place ASPX payloads on the webroot and execute them.CWE-434
PathDatarequest body/SystemTab/uploader.aspxUnauthenticated arbitrary file upload via /SystemTab/uploader.aspx allowing attacker to place ASPX payloads on the webroot and execute them.CWE-434
__RequestValidationTokenrequest body/SystemTab/uploader.aspxUnauthenticated arbitrary file upload via /SystemTab/uploader.aspx allowing attacker to place ASPX payloads on the webroot and execute them.CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation