Vulnerability Details CVE-2019-10264
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2019-10264
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.4
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.6
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.8
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.41
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.38
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.55
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.30
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.50
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.3.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.3.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.5.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.24
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.50