Selesta Visual Access Manager Arbitrary File Write Vulnerability

Vulnerability

A vulnerability allowing authenticated attackers to write arbitrary files has been identified in Selesta Visual Access Manager (VAM) versions prior to 4.42.2. This issue arises from the ability to manipulate POST parameters on the 'common/vam_Sql.php' page.

Impact

Exploitation of this vulnerability could lead to unauthorized file creation on the server, potentially allowing for further attacks such as remote code execution, depending on the file's nature and location.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Selesta Visual Access Manager Arbitrary File Write Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating