Unrestricted File Upload Vulnerability in Kaseya KServer
CVE-2013-10034
Key Information:
Badges
What is CVE-2013-10034?
A significant vulnerability exists in Kaseya KServer that allows unauthenticated users to upload files to arbitrary directories through the uploadImage.asp endpoint. This flaw arises from inadequate input validation and authentication checks, permitting an attacker to upload a crafted file with an .asp extension. Once successfully uploaded, such files can be executed, potentially leading to arbitrary code execution with the privileges of the IUSR account. The issue was addressed in version 6.3.0.2 by eliminating the vulnerable endpoint.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
KServer * < 6.3.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
40% chance of being exploited in the next 30 days.
CVSS V4
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved