An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
10/03/2022
by Quicklert
2 years ago