CVE-2012-6274

Bigantsoft Bigant IM Message Server - Authentication Bypass

Title source: rule

Description

BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/24528

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Hamburgers Maccoy, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/bigant_server_dupf_upload.rb

View Code ZIP pw:eip

References (1)

[US Government Resource] http://www.kb.cert.org/vuls/id/990652

Scores

EPSS 0.7534

EPSS Percentile 98.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

bigantsoft/bigant_im_message_server

Timeline

Published Feb 24, 2013

Tracked Since Feb 18, 2026