exploitDog

CVE-2019-19020

Опубликовано: 02 дек. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.

Ссылки

https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory
https://write-up.github.io/webtitan/
Exploit
Third Party Advisory
https://www.webtitan.com/resources/product-updates/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:titanhq:webtitan:*:*:*:*:*:*:*:*

Версия до 5.18 (исключая)

EPSS

Процентиль: 77%

0.01021

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-vjh2-6hpx-j5rv

github

больше 3 лет назад

An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.

EPSS

Процентиль: 77%

0.01021

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-434