CNNVD-202507-3899 Information
CNNVD ID
CNNVD-202507-3899
Related CVE
- CNNVD Published: 2025-07-31
Description (Chinese)
Kaseya KServer是美国Kaseya公司的一个管理系统的中心服务器节点。 Kaseya KServer 6.3.0.2之前版本存在安全漏洞,该漏洞源于uploadImage.asp端点未经验证和清理,可能导致任意文件上传和远程代码执行。
Description (English)
Kaseya KServer is the central server node of a United States company, Kaseya. Before Kaseya KServer 6.3.0.2, there was a security loophole, which originated from the unverified and uncleaned superadImage.asp endpoint, which could lead to any document upload and remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
卡西亚
Published
2025-07-31
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf https://web.archive.org/web/20150210113922/ https://www.exploit-db.com/exploits/29675 https://www.vulncheck.com/advisories/kaseya-arbitrary-file-upload-rce