CVE-2016-0854
CRITICALAdvantech WebAccess <8.1 - File Upload
Title source: llmDescription
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/39735
metasploit
WORKING POC
EXCELLENT
by rgod · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/advantech_webaccess_dashboard_file_upload.rb
References (6)
Scores
CVSS v3
9.8
EPSS
0.7215
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
advantech/webaccess
< 8.0
Published
Jan 15, 2016
Tracked Since
Feb 18, 2026