Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01197
Percentile: 0.78

CVSS Scoring

Mapped CWE(s)

• CWE-434 : Unrestricted Upload of File with Dangerous Type

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1574.010 : Services File Permissions Weakness
  Kill Chain: persistence

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:indirmax.org:ozzywork_galeri:*:*:*:*:*:*:*:*

← Back to Home