Vulnerability Details CVE-2019-10265
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
Products affected by CVE-2019-10265
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.11.0.4
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.13.0.6
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.20
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.0.8
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.10
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.4.41
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.38
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.15.6.55
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.30
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.17.0.50
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.3.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.3.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.5.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.7.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.0.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.0
-
cpe:2.3:a:ahsay:cloud_backup_suite:7.9.2.2
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.24
-
cpe:2.3:a:ahsay:cloud_backup_suite:8.1.0.50