2019-07-26 20:53:37
mitre
PUBLISHED
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web servers directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator).