AvePoint Products Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in multiple AvePoint products, including DocAve 6.13.2, Perimeter 1.12.3, and Compliance Guardian 4.7.1 and earlier versions. It lets administrator users upload files without adequate validation, so a malicious file could be uploaded and used to compromise the system. The upload function is also susceptible to path traversal, which could be exploited to write files to arbitrary directories within the web root.
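The two checks whose absence is described above (validation of the uploaded file and containment of its destination path), as an added example that is not AvePoint code. The extension allowlist, the name pattern, the function names and the sample names are assumptions chosen for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumptions for this sketch: the allowlist and name pattern are illustrative.
ALLOWED_EXTENSIONS = {".csv", ".xml", ".zip"}
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,127}")  # no '/', '\\', ':' or NUL


class UploadRejected(ValueError):
    """The client-supplied file name failed validation."""


def safe_upload_path(upload_dir, client_name):
    """Return the path the upload may be written to, or raise UploadRejected."""
    # 1. Reject separators, drive letters and leading dots outright.
    if not NAME_RE.fullmatch(client_name or ""):
        raise UploadRejected("unexpected characters in name")
    # 2. Allowlist the final extension (case-insensitive).
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed")
    # 3. Defence in depth: the resolved target must sit directly in upload_dir.
    base = Path(upload_dir).resolve()
    target = (base / client_name).resolve()
    if target.parent != base:
        raise UploadRejected("resolved path leaves the upload directory")
    return target


def triage(upload_dir, names):
    """Map each candidate name to 'accepted' or the rejection reason."""
    results = {}
    for name in names:
        try:
            safe_upload_path(upload_dir, name)
            results[name] = "accepted"
        except UploadRejected as exc:
            results[name] = str(exc)
    return results


# Constructed sample names, not taken from any real incident.
SAMPLE_NAMES = ["report.csv", "../app/page.aspx", "..\\..\\bin\\x.dll",
                "notes.aspx", "C:evil.csv", "export.CSV"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, verdict in triage(d, SAMPLE_NAMES).items():
            print(f"{name!r}: {verdict}")
```

Keeping upload_dir outside the web root means that even an accepted file is never served or executed directly.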

Impact

Exploitation of this vulnerability could lead to the upload of malicious files that compromise the system. The path traversal aspect of the vulnerability allows for writing files to arbitrary directories within the web root, potentially facilitating further exploitation.

Remediation

Users are advised to upgrade to the latest versions of the affected products. For DocAve, version 6.13.3 is available. Perimeter users should update to version 1.12.4. Compliance Guardian users should install the patch available for Compliance Guardian Manager servers.

Added: Sep 26, 2025, 10:42 AM
Updated: Sep 26, 2025, 2:50 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.