SysAid Help Desk Administrator Portal Arbitrary File Upload Exploit

This Metasploit module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not handle correctly directory traversal sequences and does not enforce file extension restrictions. You need to have an...

CVE-2015-2994

CVE-2015-2994 is an unrestricted file upload vulnerability in SysAid Help Desk’s ChangePhoto.jsp (before 15.2). An attacker with admin access can upload a .jsp and access it via icons/user_photo/, enabling arbitrary code execution on the server. Evidence of exploitation/poCs exists (Metasploit mo...

CVE-2015-2994

creationtimestamp| type| source ---|---|--- 2015-06-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41691 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sysaidauthfileupload.rb 2025-02-06 03:13:42+00:00|...

SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerabili...