Cloud Backup Suite
CVE-2020-5846
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds.
AnalysisAI
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full system access as the configured user (e.g., Administrator) when starting from any authenticated session (e.g., a trial account). This is fixed in the 83/830122/cbs-*-hotfix-task26000 builds. Affected products include: Ahsay Cloud Backup Suite.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Cloud Backup Suite
View allAn insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. Rated high severit
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.5), this vulnerability
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Rated high severity (CV
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.2), this vulnerability
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated medium severity (CVSS 6.1), this vulnerabilit
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.5), this vulnerability
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today