CVE-2019-9106

Опубликовано: 31 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

Ссылки

https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Product
Vendor Advisory
https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*

cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01655

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-9xp8-655m-4jqr