An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
                
            References
                    | Link | Resource | 
|---|---|
| http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php | Exploit Third Party Advisory | 
| https://www.exploit-db.com/exploits/37888/ | Exploit Third Party Advisory VDB Entry | 
| https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2 | Third Party Advisory | 
| http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php | Exploit Third Party Advisory | 
| https://www.exploit-db.com/exploits/37888/ | Exploit Third Party Advisory VDB Entry | 
| https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2 | Third Party Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2018-08-27 04:29
Updated : 2024-11-21 02:40
NVD link : CVE-2015-9263
Mitre link : CVE-2015-9263
CVE.ORG link : CVE-2015-9263
JSON object : View
Products Affected
                idera
- uptime_infrastructure_monitor
CWE
                
                    
                        
                        CWE-434
                        
            Unrestricted Upload of File with Dangerous Type
