Vulnerability Details : CVE-2012-6274
Public exploit exists!
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2012-6274
- 92.47%: Probability of exploitation activity in the next 30 days
- ~99%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-6274
- BigAnt Server DUPF Command Arbitrary File Upload
  Disclosure Date: 2013-01-09
  First seen: 2020-04-26
  exploit/windows/misc/bigant_server_dupf_upload
  This exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows to make unauthenticated file uploads through a DUPF command. Additionally the filename option in the same command can be used to launch a directory trave
CVSS scores for CVE-2012-6274
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-6274
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6274
- http://www.kb.cert.org/vuls/id/990652
  VU#990652 - BigAnt IM Message server and components contain multiple vulnerabilities (US Government Resource)
Products affected by CVE-2012-6274
- cpe:2.3:a:bigantsoft:bigant_im_message_server:-:*:*:*:*:*:*:*