An insecure file upload and code execution issue exists in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ahsay cloud backup suite |