CVE-2019-11819

Опубликовано: 08 мая 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

Ссылки

https://github.com/alkacon/opencms-core/issues/636
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/05/05/2
Exploit
Mailing List
Third Party Advisory
https://github.com/alkacon/opencms-core/issues/636
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/05/05/2
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*

Версия до 10.5.4 (включая)

EPSS

Процентиль: 42%

0.00203

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-q693-v7qf-p4xj