CVE-2014-8516
published 2020-01-03

Priority: P183 | critical | 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 81.68% (99.6th percentile)

Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.

Detection & IOCs (extracted from sources)

  • url: /Admin/archive/upload.jsp?mode=getZip
  • path: /Admin/archive/upload.jsp
  • path: ./webapps/Admin/archive/ArchiveCache/
  • url: /Admin/archive/ArchiveCache/<payload>.jsp
  • port: 8001

  • Detect multipart POST/GET to /Admin/archive/upload.jsp with mode=getZip and a filename containing a null byte followed by 'Archive0101140101.zip' — this is the upload bypass technique used to smuggle a .jsp payload.
  • Monitor HTTP GET requests to /Admin/archive/ArchiveCache/*.jsp — this path is where uploaded JSP payloads are executed after upload.
  • Alert on authentication attempts using the default hidden username 'Scheduler' or default admin credentials (Admin/Admin) against the NetCharts admin console on port 8001.
  • Flag any file upload to the NetCharts server where the submitted filename contains a null byte (\x00), used to bypass extension filtering.
  • The 'Scheduler' hidden user is only usable after any modification to the user database (user added or admin password changed); without that precondition, valid credentials must be supplied for exploitation.
  • The default Admin password for NetCharts Server is 'Admin' — installations with unchanged defaults are immediately exploitable without needing the Scheduler account.
  • The Metasploit module targets Visual Mining NetCharts Server 7.0 specifically; applicability to other versions is unconfirmed.
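
The two request-path detections above can be correlated per client in an access log. The sketch below is an added example, not taken from the page or its sources; it assumes Common Log Format and a case-insensitive path match, and the sample lines (documentation IP addresses, file names) are constructed. The null-byte filename travels in the multipart body, so it is not visible to this kind of log scan and needs body inspection at a proxy or WAF.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed Common Log Format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
UPLOAD_PATH = "/admin/archive/upload.jsp"
CACHE_JSP_RE = re.compile(r"^/admin/archive/archivecache/[^/]+\.jsp$")

# Constructed sample input (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Jan/2020:10:00:01 +0000] "GET /Admin/index.jsp HTTP/1.1" 200 512
198.51.100.7 - - [03/Jan/2020:10:02:11 +0000] "POST /Admin/archive/upload.jsp?mode=getZip HTTP/1.1" 200 87
198.51.100.7 - - [03/Jan/2020:10:02:12 +0000] "GET /Admin/archive/ArchiveCache/sample.jsp HTTP/1.1" 200 0
203.0.113.5 - - [03/Jan/2020:10:05:40 +0000] "GET /Admin/archive/ArchiveCache/other.jsp HTTP/1.1" 404 0
"""

def scan(log_text):
    """Return (client, rule, url) findings for the request patterns listed above."""
    findings, uploaders = [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, _ts, _method, url, _status = m.groups()
        parts = urlsplit(url)
        path = unquote(parts.path).lower()  # normalise case and %-encoding
        query = parse_qs(parts.query)
        if path == UPLOAD_PATH and "getZip" in query.get("mode", []):
            uploaders.add(client)
            findings.append((client, "upload-getzip", url))
        elif CACHE_JSP_RE.match(path):
            # A JSP requested from the cache directory is suspicious on its own;
            # the same client having used the upload endpoint suggests a chain.
            rule = "upload-then-exec" if client in uploaders else "cache-jsp-request"
            findings.append((client, rule, url))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```
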

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C