Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-24688
HistoryJul 18, 2022 - 12:34 p.m.

CVE-2022-24688

2022-07-1812:34:18
mitre
www.cve.org
2
dsk dsknet
unrestricted file upload
remote code execution
pdf upload
php content
hijack
privileged user access
parameters page
exploit
broken access control
brute-force attack
sql injection
database
sync web folder

AI Score

9.2

Confidence

High

EPSS

0.013

Percentile

85.6%

JSON

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. (That can be easily achieved by exploiting the Broken Access Control with further Brute-force attack or SQL Injection.) The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain .php?action= page.

Related

cve 1
prion 1
nvd 1
cve
cve
CVE-2022-24688
2022-07-18 13:15:09
prion
prion
Unrestricted file upload
2022-07-18 13:15:00
nvd
nvd
CVE-2022-24688
2022-07-18 13:15:09

AI Score

9.2

Confidence

High

EPSS

0.013

Percentile

85.6%

JSON
Related for CVELIST:CVE-2022-24688
cve1prion1nvd1