Vulnerabilities

CVE-2021-39392

by Fred · 15/09/2021

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers’ installations) in web.config, and can be used to send serialized ASP code.

Date published : 2021-09-15

http://www.mylittlebackup.com/mlb/zip/mlb_1.7.zip

https://gist.github.com/omriinbar/65827626e63f15e3e50557e2d9d61281

Similar

Tags: Cybersecurity Alert