CVE-2012-5190
published 2020-01-21CVE-2012-5190: Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.65%
90.6th percentile
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accusoft | prizm_content_connect | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to default.aspx containing a remote URL in the 'document' parameter, which is the attack vector used to trigger remote file download/upload. ↗
- →The application discloses the full path and randomly-named .aspx file dropped to the web root (e.g. C:\Project\ajwyfw45itxwys45fgzomrmv.aspx); alert on responses containing 'Full Document Path:' with a .aspx extension. ↗
- →After the upload, the attacker directly requests the dropped ASPX webshell from the web root; monitor for GET requests to randomly-named .aspx files in the root that were not previously present. ↗
- →Uploaded/downloaded files are staged in C:\tempcache\ before being placed in the web root; monitor this directory for unexpected .aspx files. ↗
- ·The vulnerable parameter is 'document' in default.aspx, which accepts a remote URL and causes the server to fetch and store the file — this is the exploitable SSRF/upload primitive. ↗
- ·The application reveals the full server-side path and filename of the downloaded file in the HTTP response body ('Document Location', 'Full Document Path', 'Temp Location'), enabling a two-stage exploit. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2020-01-21
Published