CPE matches: cpe:2.3:a:kbvault_mysql_project:kbvault_mysql:0.16a:*:*:*:*:*:*:*
The KBVault Mysql Free Knowledge Base application package 0.16a ships with a file-management component at FileExplorer/Explorer.aspx?id=/Uploads. Its file upload and deletion functionality is accessible to unauthenticated users. Through it, a user can upload an ASPX script to Uploads/Documents/ and run arbitrary code.
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-732, Incorrect Permission Assignment for Critical Resource:
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
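
For defenders, the two behaviours in the description above (anonymous use of the file manager, and a server-side script being requested from the upload directory) can be searched for in IIS logs. The following Python script is an added example, not part of the original advisory or the KBVault project; the log lines are constructed, and it assumes W3C-format logs with a #Fields header in which cs-username is "-" for anonymous requests.

```python
# Added example: flag IIS W3C log entries that match the advisory's description.
# All log lines below are constructed sample data (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-01-10 09:00:01 GET /FileExplorer/Explorer.aspx id=/Uploads editor1 192.0.2.10 200
2024-01-10 09:05:12 GET /FileExplorer/Explorer.aspx id=/Uploads - 198.51.100.7 200
2024-01-10 09:05:40 POST /FileExplorer/Explorer.aspx id=/Uploads - 198.51.100.7 200
2024-01-10 09:06:02 GET /Uploads/Documents/report.pdf - - 203.0.113.5 200
2024-01-10 09:06:30 GET /Uploads/Documents/example.ASPX - - 198.51.100.7 200
"""

# Extensions that IIS/ASP.NET would execute rather than serve as static files.
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp")


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def classify(entry):
    """Return a reason string if the entry matches the advisory, else None."""
    stem = entry["cs-uri-stem"].lower()  # IIS paths are case-insensitive
    if "/uploads/" in stem and stem.endswith(SCRIPT_EXTS):
        return "script-in-uploads"
    if stem.endswith("/fileexplorer/explorer.aspx") and entry["cs-username"] == "-":
        return "anonymous-file-manager"
    return None


def find_suspicious(text):
    """Return (reason, client IP, method, path) for every matching entry."""
    hits = []
    for entry in parse_w3c(text):
        reason = classify(entry)
        if reason:
            hits.append((reason, entry["c-ip"], entry["cs-method"], entry["cs-uri-stem"]))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit)
```

Any "script-in-uploads" hit warrants review regardless of status code, since a directory intended for documents should not be serving executable content.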