Severity: Critical
Invicti identified that code execution via WebDAV. Invicti successfully uploaded a file via PUT
method and then renamed this file via MOVE
method. When requesting the file, code is executed in the context of the web server. At the end of the attack, Invicti tried to delete the file.