Vulnerability title
N/A
Vulnerability description
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be exploited to achieve remote code execution. An authenticated attacker can upload a specially crafted ZIP file (based on an exported backup of an existing "Bulletin") containing a malicious file. On upload, the system only checks whether the required files are present in the ZIP; as long as the malicious file is named correctly, it extracts all contained files into a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin in the web UI. Once the GUID is known, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing remote code execution in the context of a restricted IIS user.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
N/A
Vulnerability title
N/A
Vulnerability description
The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file (based on an exported backup of existing "Bulletins") containing a malicious file. When uploaded, the system only checks for the presence of the needed files within the ZIP and, as long as the malicious file is named properly, will extract all contained files to a new directory on the system, named with a random GUID. The attacker can determine this GUID by previewing an image from the uploaded Bulletin within the web UI. Once the GUID is determined, the attacker can navigate to the malicious file and execute it. In testing, an ASPX web shell was uploaded, allowing for remote-code execution in the context of a restricted IIS user.
CVSS information
N/A
Vulnerability category
N/A
Vulnerability title
Tightrope Media System Carousel digital signage code issue vulnerability
Vulnerability description
Tightrope Media System Carousel digital signage is a digital signage management system from the US company Tightrope Media System. The Manage Bulletins/Upload feature in Tightrope Media Carousel digital signage 7.0.4.104 contains an arbitrary file upload vulnerability, which stems from the program checking only for the presence of the required files in the ZIP archive without checking for a correctly named malicious file. An attacker can exploit this vulnerability to execute a malicious file by uploading a specially crafted ZIP file.
CVSS information
N/A
Vulnerability category
Code issue