2 matches found
Design/Logic Flaw
An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...
CVE-2019-19988
The CVE-2019-19988 issue affects Selesta Visual Access Manager (VAM) versions 4.15.0–4.29. An authenticated user can create and write arbitrary files on the filesystem via the web interface, by manipulating the file name, destination path, or extension in /common/vam_editXml.php. The vulnerable p...