Arbitrary File Upload Vulnerability in Microstrategy Web 10.4 Admin Panel

Arbitrary File Upload Vulnerability in Microstrategy Web 10.4 Admin Panel

CVE-2020-11451 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges.

Learn more about our Web App Pen Testing.