19 Mai 2019
Vulnérabilité CVE-2019-12185 CVE Vulnerability
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. (CVSS:9.0) (Last Update:2019-05-20)
Vulnerability Details : eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. Publish Date : 2019-05-19 Last Update Date : 2019-05-20 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-12185
- Number Of Affected Versions By Product
- References For CVE-2019-12185
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-12185There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |