Improper access control

2019-11-1219:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.251 Low

EPSS

Percentile

96.7%

JSON

An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.

CPENameOperatorVersion
sunveillance_monitoring_system_\\&_data_recordereq< 1.1.9e

CPE	Name	Operator	Version
	sunveillance_monitoring_system_\\&_data_recorder	eq	< 1.1.9e

References

drive.google.com/open?id=1Khz7x6b32g7JYCyA6ZQ6NGEc4I0yFA45

www.exploit-db.com/exploits/47541