Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118
References
Link | Resource |
---|---|
https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ | Patch Third Party Advisory |
https://csirt.divd.nl/CVE-2021-30121 | Exploit Third Party Advisory |
https://csirt.divd.nl/DIVD-2021-00011 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-09T13:24:28
Updated: 2022-04-04T06:25:19
Reserved: 2021-04-02T00:00:00
Link: CVE-2021-30121
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-09T14:15:07.930
Modified: 2022-04-29T18:57:59.070
Link: CVE-2021-30121
JSON object: View
Redhat Information
No data.
CWE