GCVE - cpe:2.3:a:ahsay:cloud_backup_suite:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ahsay:cloud_backup_suite:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ahsay (`a8f2b2a7-9ddb-5c05-a50b-43e8dc4f9aef`)
Product	Cloud Backup Suite (`2947a9fb-9525-5705-b7bf-cee5550caf52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-10267`	vulnerable	2026-06-08 05:12:23.080586	Details available An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the configured user (e.g., Administrator). Published: 2019-07-26T20:53:37.000Z Updated: 2024-08-04T22:17:19.674Z Open on db.gcve.eu Reference links https://www.wbsec.nl/ahsay/ http://packetstormsecurity.com/files/153771/Ahsay-Backup-7.x-8.x-File-Upload-Remote-Code-Execution.html http://packetstormsecurity.com/files/153770/Ahsay-Backup-7.x-8.x-File-Upload-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10266`	vulnerable	2026-06-08 05:12:23.080274	Details available An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication. Published: 2019-07-26T20:51:46.000Z Updated: 2024-08-04T22:17:19.641Z Open on db.gcve.eu Reference links https://www.wbsec.nl/ahsay/ http://packetstormsecurity.com/files/153772/Ahsay-Backup-7.x-8.x-XML-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10265`	vulnerable	2026-06-08 05:12:23.079978	Details available An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server. Published: 2019-07-26T20:49:15.000Z Updated: 2024-08-04T22:17:19.784Z Open on db.gcve.eu Reference links https://www.wbsec.nl/ahsay/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10264`	vulnerable	2026-06-08 05:12:23.079661	Details available An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE. Published: 2019-07-26T20:46:24.000Z Updated: 2024-08-04T22:17:19.678Z Open on db.gcve.eu Reference links https://www.wbsec.nl/ahsay/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10263`	vulnerable	2026-06-08 05:12:23.079192	Details available An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When creating a trial account, it is possible to inject XSS in the Alias field, allowing the attacker to retrieve the admin's cookie and take over the account. Published: 2019-07-26T20:44:23.000Z Updated: 2024-08-04T22:17:19.719Z Open on db.gcve.eu Reference links https://www.wbsec.nl/ahsay/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.