जमा करें #680873: OpenClinica OpenClinica Community Edition 3.13, Changeset 74f4df3481b6 (2017-02-28) and 3.12.2, Changeset 347dcfca3d17 (2016-11-21) Unrestricted Uploadजानकारी

शीर्षकOpenClinica OpenClinica Community Edition 3.13, Changeset 74f4df3481b6 (2017-02-28) and 3.12.2, Changeset 347dcfca3d17 (2016-11-21) Unrestricted Upload
विवरणOpenClinica is vulnerable to Remote Code Execution (RCE) via path traversal arbitrary file write in the "Import CRF Data" function. The upload handler trusts the client-supplied filename and accepts ../ traversal, allowing writes outside the intended directory. By targeting the deployed webapp path, an attacker can write a JSP and achieve execution when the file is requested. A detailed write-up is available in the link provided.
स्रोत⚠️ https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-rce.md
उपयोगकर्ता
 mikecole-mg (UID 89343)
सबमिशन23/10/2025 04:37 AM (9 महीनों पहले)
संयम09/11/2025 07:42 AM (17 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि331642 [OpenClinica Community Edition तक 3.12.2/3.13 CRF Data Import ImportCRFData?action=confirm xml_file निर्देशिका ट्रैवर्सल]
अंक20

Interested in the pricing of exploits?

See the underground prices here!