Description
pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 for CKEditor mishandles certain characters in pathnames.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-19502
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11/commits/5c7a6b0e10504f08e2f50655541b767e276ce749
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/commit/c293d38c8b99444e775d94c1af50c9676c6544d2
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/compare/4.1.8...v4.1.9
- https://visat.me/security/cve-2019-19502
EPSS
Percentile: 74%
0.00853
Low
CVE ID
Related vulnerabilities
CVSS3: 9.8
nvd
about 6 years ago
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
EPSS
Percentile: 74%
0.00853
Low