N/A

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\SYSTEM).

N/A

N/A

Echo ShareCare 代码问题漏洞

ShareCare是Echo Group 的一个临床和财务软件系统。 Echo ShareCare 8.15.5版本存在安全漏洞，该漏洞源于"Access/DownloadFeed_Mnt/FileUpload_Upd.cfm"中的文件上传功能在处理来自经过身份验证的用户的远程输入时，通过 name1 参数容易受到不受限制的上传漏洞的影响，从而导致能够通过将任意文件写入任意文件系统位置。

N/A

N/A