CVE-2017-9602 — CRITICAL (9.8)

Vulnerability Description

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kbvault Mysql Project	Kbvault Mysql	0.16a

Related Weaknesses (CWE)

CWE-732

References

https://www.exploit-db.com/exploits/42184/MitigationThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/42184/MitigationThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-9602?

CVE-2017-9602 is a vulnerability with a CVSS score of 9.8 (CRITICAL). KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deleti...

How severe is CVE-2017-9602?

CVE-2017-9602 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-9602?

Check the references section above for vendor advisories and patch information. Affected products include: Kbvault Mysql Project Kbvault Mysql.