Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-10036 β€” Unrestricted File Upload in Artifactory

CWE-434 β€” Unrestricted File Upload4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
13.5%
top 5.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Jfrog Artifactory
Timeline
PublishedMay 1
Latest updateMay 14

Description

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDjfrog/artifactory< 4.16

πŸ”΄Vulnerability Details

2
GHSA
GHSA-6g8f-89g9-p58q: Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4β†—2022-05-14
β–Ά
CVEList
CVE-2016-10036: Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4β†—2018-05-01
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution↗2018-04-26
β–Ά
CVE-2016-10036 β€” Unrestricted File Upload | cvebase