|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-03-28 | |
| Rule Name: | Simple E-Document Upload Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | In Simple E-Document versions 3.0 to 3.1, Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |