|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-03 | |
| Rule Name: | Esafenet importFileType Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Esafenet Electronic Document Security Management System is an electronic document security encryption software. There is an arbitrary file upload vulnerability in the importFileType.do interface of the Yisaitong electronic document security management system. Attackers can exploit this vulnerability to upload malicious files, execute malicious code, and obtain server privileges. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |