Lucene search

5 matches found

CVE
added 2019/07/26 9:15 p.m., 376 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configur...

CVSS 9, AI score 8.8, EPSS 0.66166
CVE
added 2019/07/26 9:15 p.m., 372 views

CVE-2019-10263

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account.

CVSS 6.1, AI score 6.3, EPSS 0.0024
CVE
added 2019/07/26 9:15 p.m., 361 views

CVE-2019-10266

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.

CVSS 7.8, AI score 7.3, EPSS 0.35452
CVE
added 2019/07/26 9:15 p.m., 331 views

CVE-2019-10264

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.

CVSS 7.2, AI score 6.9, EPSS 0.00476
CVE
added 2019/07/26 9:15 p.m., 321 views

CVE-2019-10265

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.

CVSS 7.8, AI score 7.4, EPSS 0.00724