Full title: ABB Cylon Aspect 3.08.03 webServerDeviceLabelUpdate.php Denial of Service Vulnerability 
Category: dos / poc
Platform: php
ABB Cylon Aspect version 3.08.03 suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the deviceLabel POST parameter to write arbitrary content to a fixed file location at /usr/local/aam/etc/deviceLabel, potentially causing a denial of service.

# 0day.today @ http://0day.today/