3 matches found
EUVD-2018-4283
Malware in sbrugna...
Directory traversal
Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345...
CVE-2018-11345
ASUSTOR AS6202T ADM 3.1.0.RFQ3 is affected by CVE-2018-11345: an unrestricted file upload vulnerability in upload.cgi that allows uploading data via the POST parameter filename and, due to path traversal in that parameter, placing files anywhere on the filesystem. This can enable attacker-control...