N/A

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.

N/A

N/A

KBVault Mysql Free Knowledge Base 权限许可和访问控制问题漏洞

KBVault Mysql package是一个Web应用程序数据包 KBVault Mysql Free Knowledge Base 0.16a版本中存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞向Uploads/Documents/上传ASPX脚本，执行任意代码。

N/A

N/A