|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-07-02 | |
| Rule Name: | Winstaryc AnXiaoYi FileUpProductupdate.aspx Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Anxiaoyi is a comprehensive Internet + education informatization solution of Winstaryc. There is an arbitrary file upload vulnerability in the FileupProductupdate.aspx interface of the smart campus management system. An unauthenticated attacker can upload malicious backdoor files through the vulnerability to execute arbitrary code and gain access to the server. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |