Create SysAid_userentry_file_upload_vulnerability.md

SysAid_userentry_file_upload_vulnerability.md

@@ -0,0 +1,12 @@
+## SysAid userentry file upload vulnerability (CVE-2023-47246)
+
+|   **Vulnerability**  | SysAid userentry file upload vulnerability (CVE-2023-47246)  |
+| :----:   | :-----|
+|  **Chinese name**  | SysAid userentry 文件上传漏洞（CVE-2023-47246）	 |
+| **CVSS core**  | 	9.8 |
+| **FOFA Query**  (click to view the results directly)| [	app="SysAid-Help-Desk"](https://en.fofa.info/result?qbase64=Ym9keT0ic3lzYWlkLWxvZ28tZGFyay1ncmVlbi5wbmciIHx8IHRpdGxlPSJTeXNBaWQgSGVscCBEZXNrIFNvZnR3YXJlIiB8fCBib2R5PSJIZWxwIERlc2sgc29mdHdhcmUgPGEgaHJlZj1cImh0dHA6Ly93d3cuc3lzYWlkLmNvbVwiPmJ5IFN5c0FpZDwvYT4i)|
+| **Number of assets affected**  | 1819 |
+| **Description**  | 	SysAid is an information technology (IT) service management and help desk solution designed to help organizations more effectively manage their IT infrastructure, help desk support and user needs. SysAid provides a series of functions, including fault reporting, asset management, problem management, change management, knowledge base, automated workflow, etc., to help enterprises improve the efficiency and quality of IT services.SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled. |
+| **Impact** | 	SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled. |
+
+![](https://s3.bmp.ovh/imgs/2023/11/15/105d49cb7220f659.gif)