Design/Logic Flaw

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...

CVE-2020-11451

The CVE-2020-11451 entry concerns MicroStrategy Web 10.4 (Upload Visualization plugin in the admin panel). The vulnerability arises from allowing an administrator to upload a ZIP archive with arbitrary extensions and data, via a plugin upload mechanism that requires admin privileges. The descript...