3 matches found
CVE-2015-2994
CVE-2015-2994 is an unrestricted file upload vulnerability in SysAid Help Desk’s ChangePhoto.jsp (before 15.2). An attacker with admin access can upload a .jsp and access it via icons/user_photo/, enabling arbitrary code execution on the server. Evidence of exploitation/poCs exists (Metasploit mo...
CVE-2015-2994
creationtimestamp| type| source ---|---|--- 2015-06-03 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41691 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sysaidauthfileupload.rb 2025-02-06 03:13:42+00:00|...
SysAid Help Desk Administrator Portal < 14.4 - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerabili...