A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/49265 | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2020-12-23 19:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-35370
Mitre link : CVE-2020-35370
CVE.ORG link : CVE-2020-35370
JSON object : View
Products Affected
raysync
- raysync
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')