What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2.
Explanation of Vulnerability in Simple Terms
Energia versions up to 1.1.2 allow unauthenticated attackers to upload files without restriction. An attacker can upload malicious files over the network with no special access or user interaction required. This can lead to complete compromise of confidentiality, integrity, and availability of the affected system and potentially connected systems.
What an attacker can do
Upload malicious files to the server without authentication or user interaction.
Potential impact on your site
Complete compromise of the server: attackers can upload and execute malicious code, steal data, modify content, and disrupt service.
Conditions required to exploit
Network access to the Energia application. No authentication or user interaction required.
Key dates
External resources