CVE-2017-16610
23.01.2018, 01:29
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751.
| Vendor | Product | Version |
|---|---|---|
| netgain-systems | enterprise_manager | 𝑥 < 7.2.766 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.