Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00559
Percentile: 0.67223

CVSS Scoring

Mapped CWE(s)

• CWE-434 : Unrestricted Upload of File with Dangerous Type

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1574.010 : Services File Permissions Weakness
  Kill Chain: persistence

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*

← Back to Home