Published: 26/07/2019 Updated: 31/07/2019

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ahsay cloud backup suite

# Unauthenticated XML External Entity (XXE) in Ahsay Backup v7x - v81050 # Date: 26-6-2019 # Exploit Author: Wietse Boonstra # Vendor Homepage: ahsaycom # Software Link: ahsay-dnahsaycom/v8/81050/cbs-winexe # Version: 7x < 81050 # Tested on: Windows / Linux # CVE : CVE-2019-10266 #Ahsay is vulnerable to a OOB Unauth ...

Ahsay Backup versions 7x through 81150 suffer from an XML external entity injection vulnerability ...

CWE-611 https://www.wbsec.nl/ahsay/http://packetstormsecurity.com/files/153772/Ahsay-Backup-7.x-8.x-XML-Injection.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47181

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-10266

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect