Published: 25/08/2017 Updated: 27/07/2021

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An Unrestricted Upload of File with Dangerous Type issue exists in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
automatedlogic sitescan web
automatedlogic i-vu
carrier automatedlogic webctrl

#!/usr/bin/env python # -*- coding: utf8 -*- # # # Automated Logic WebCTRL 65 Unrestricted File Upload Remote Code Execution # # # Vendor: Automated Logic Corporation # Product web page: wwwautomatedlogiccom # Affected version: ALC WebCTRL, i-Vu, SiteScan Web 65 and prior # ALC WebCTRL, SiteScan Web 61 and prior # ...

Automated Logic WebCTRL version 65 suffers from an unrestricted file upload vulnerability that allows for remote code execution ...

CWE-434 https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 https://www.exploit-db.com/exploits/42544/http://www.securityfocus.com/bid/100452 https://nvd.nist.gov https://www.exploit-db.com/exploits/42544/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-9650

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect