exploitDog

CVE-2019-18958

Опубликовано: 21 нояб. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.

Ссылки

https://a-man-in-the-cookie.blogspot.com/2019/11/nitro-pro-vulnerability.html
Exploit
Third Party Advisory
https://a-man-in-the-cookie.blogspot.com/2019/11/nitro-pro-vulnerability.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gonitro:nitro_pro:*:*:*:*:*:*:*:*

Версия до 13.2 (исключая)

EPSS

Процентиль: 0%

0.00005

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-j395-6955-mv56

github

больше 3 лет назад

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed.

EPSS

Процентиль: 0%

0.00005

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-732