2024-03-19 12:12:13
INCIBE
PUBLISHED
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via /config/espanol/update_password.jsp file. Modifying the M4_NEW_PASSWORD parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application.