2 matches found
CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...
CVE-2021-43973
This CVE concerns SysAid ITIL 20.4.74 b10, where UploadPsIcon.jsp is vulnerable to an unrestricted file upload. An authenticated remote attacker can upload an arbitrary file via the file parameter in an HTTP POST, with the server returning the uploaded file’s absolute path. The issue affects the ...