ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: krcert
Published: 2019-10-30T20:46:38
Updated: 2019-10-30T20:46:38
Reserved: 2019-10-07T00:00:00
Link: CVE-2019-17322
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-30T21:15:11.927
Modified: 2021-11-03T17:06:48.740
Link: CVE-2019-17322
JSON object: View
Redhat Information
No data.