Scada-LTS icon indicating copy to clipboard operation
Scada-LTS copied to clipboard

Published 20 hours ago verified publisher icon SCADA-LTS

Patch for CVE-2021-26828

Open Galapag0s opened this issue 2 years ago • 0 comments

CVE-2021-26828 was reported over one year ago, but it does not appear as if the vulnerability was reported to ScadaLTS.

A review of ScadaLTS found the application is vulnerable to arbitrary JSP uploads from low level users.

This patch attempts to restrict uploads based on the provided file type.

Galapag0s avatar Apr 09 '22 18:04 Galapag0s