SolarWinds Storage Resource Monitor < 6.2 ProcessFileUpload.jsp File Upload RCE
Critical Nessus Plugin ID 86421
Synopsis
The remote host is running a web application affected by a remote code execution vulnerability.

Description
The remote host is running a version of SolarWinds Storage Resource Monitor (formerly SolarWinds Storage Manager) prior to 6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files by the ProcessFileUpload.jsp script. An unauthenticated, remote attacker can exploit this vulnerability to upload malicious PHP scripts, resulting in the execution of arbitrary code with the privileges of the web server.

Solution
Upgrade to SolarWinds Storage Manager version 6.2 or later.