Main
Vulnerability Database
Exploits
ID:1294 - Exploit for Privilege escalation in Automated Logic Corporation products - CVE-2017-9650
ID:1294 - Exploit for Privilege escalation in Automated Logic Corporation products - CVE-2017-9650
Published: March 18, 2020
Vulnerability identifier: #VU7998
Vulnerability risk: High
CVE-ID: CVE-2017-9650
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
WebCTRL
i-Vu
SiteScan Web
WebCTRL
i-Vu
SiteScan Web
Link to public exploit:
Vulnerability description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to unrestricted upload of file with dangerous type. A remote attacker can upload malicious files and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to unrestricted upload of file with dangerous type. A remote attacker can upload malicious files and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install updates from vendor's website.