N/A

Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.

N/A

N/A

SysAid Help Desk 任意文件上传漏洞

SysAid Help Desk是美国SysAid公司的一套基于Web的IT管理软件。该软件支持流程自动化、资产管理和任务管理等。 SysAid Help Desk 15.2之前版本的ChangePhoto.jsp脚本中存在任意文件上传漏洞。远程攻击者可通过上传带有.jsp扩展的文件，并发送直接的请求访问该文件利用该漏洞执行任意代码。

N/A

N/A