An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24984
Reference (s):
- https://c41nc.co.uk/cve-2020-24984/