|
Description
|
|
Multiple vulnerabilities have been identified in PatchLink Update, which could be exploited by attackers to compromise a vulnerable server or manipulate and disclose certain information.
The first issue is due to an input validation error in the "checkprofile.asp" script that does not validate the "agentid" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
The second flaw is due to an access validation error in the "proxyreg.asp" script when the FastPatch add-on is installed, which could be exploited by unauthenticated attackers to view, add, or delete configured PatchLink Distribution Point (PDP) servers.
The third vulnerability is due to input validation errors in the "nwupload.asp" script that does not validate certain parameters, which could be exploited by unauthenticated users to conduct directory traversal attacks and write files to arbitrary directories.
|
