ГлавнаяУязвимости → CVE-2019-25271
7.8высокая

CVE-2019-25271

Описание

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.netgate.sk/https://www.exploit-db.com/exploits/47746https://www.vulncheck.com/advisories/netgate-data-backup-ngdatbckpsrv-unquoted-service-path