mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
0xMarcio
892 B
892 B
CVE-2021-27197
Description
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page (e.g., with "OBJECT classid=" and "<SCRIPT language='vbscript'>") to overwrite arbitrary files.
POC
Reference
Github
No PoCs found on GitHub currently.