Security
Headlines
HeadlinesLatestCVEs

Headline

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete

The BMS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the ‘file’ parameter in ‘databasefiledelete.php’ is not properly sanitised before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Zero Science Lab
#vulnerability#web#php#perl#auth

Zero Science Lab: Latest News

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass