vendor:
Airia
by:
HaHwul
7.5
CVSS
HIGH
Webshell Upload
434
CWE
Product Name: Airia
Affected Version From: Latest commit
Affected Version To: Latest commit
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Debian [wheezy]
2016
Airia – Webshell Upload Vulnerability
This exploit allows an attacker to upload a webshell to the target system using the Airia application. The attacker needs to provide the target URL and the PHP code to be executed on the target system.
Mitigation:
The vendor should release a patch to fix this vulnerability. In the meantime, users should ensure that the Airia application is not accessible from the internet or restrict access to trusted IP addresses only.