CVE-2022-44006

N/A

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file.

N/A

N/A

BACKCLICK 路径遍历漏洞

BACKCLICK是德国BACKCLICK公司的一种营销软件，可帮助组织创建、实施、评估和运行基于 web 的电子邮件活动。 BACKCLICK Professional 5.9.63版本存在安全漏洞，该漏洞源于上传文件名的验证或清理不当，外部可访问、未经身份验证的更新功能允许在预期目标位置之外写入文件，攻击者利用该漏洞可以上传可执行文件。

N/A

N/A