Vulnerability Description
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emca | Energy Logserver | 6.1.2 |
Related Weaknesses (CWE)
References
- https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.htmlRelease NotesThird Party Advisory
- https://energylogserver.pl/en/Vendor Advisory
- https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7ExploitThird Party Advisory
- https://github.com/emca-it/Energy-Log-Server-6.x/commits/masterPatchThird Party Advisory
- https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.htmlRelease NotesThird Party Advisory
- https://energylogserver.pl/en/Vendor Advisory
- https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7ExploitThird Party Advisory
- https://github.com/emca-it/Energy-Log-Server-6.x/commits/masterPatchThird Party Advisory
FAQ
What is CVE-2019-14521?
CVE-2019-14521 is a vulnerability with a CVSS score of 7.5 (HIGH). The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
How severe is CVE-2019-14521?
CVE-2019-14521 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14521?
Check the references section above for vendor advisories and patch information. Affected products include: Emca Energy Logserver.