QwikSec

Security Database

CVE

CWE

Training

CVE-2018-11340

Published: May 22, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation

x_refsource_MISC

https://github.com/mefulton/asustorexploit

x_refsource_MISC

20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.