Description

Acunetix WVS was able to create a test file within this directory using the HTTP method PUT. The HTTP PUT request method creates a new resource or replaces a representation of the target resource with the request payload. A poorly configured Web server can mistakenly provide remote access to the PUT method without requiring any form of login.

Remediation

Restrict access for HTTP method PUT or if it's not being used, consider disabling it.

References

HTTP PUT request method

Related Vulnerabilities

Telerik Web UI Unrestricted File Upload (CVE-2017-11317)

Nginx PHP code execution via FastCGI

Unrestricted file upload vulnerability in ofc_upload_image.php

WordPress OptimizePress unrestricted file upload

Oracle E-Business Suite Unauthenticated Remote Code Execution

Severity

High

Classification

CWE-669 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N

Tags

Arbitrary File Creation