← back
CVE-2019-10266

CVE-2019-10266

EPSS 13.3%
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/153772/Ahsay-Backup-7.x-8.x-XML-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47181unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/153772/Ahsay-Backup-7.x-8.x-XML-Injection.htmlhttps://www.wbsec.nl/ahsay/