VYPR
Unrated severityNVD Advisory· Published Jul 9, 2021· Updated Aug 3, 2024

(Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6

CVE-2021-30121

Description

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.