PT-2019-12159 · Sunnet · Sunnet Wmpro
Tony Kuo +1 · Published 2019-07-11 · Updated 2023-03-01 · CVE-2019-11062
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SUNNET WMPro versions 5.0 through 5.1
Description
The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication.
Recommendations
For versions 5.0 and 5.1, consider restricting access to the "/teach/course/doajaxfileupload.php" API endpoint until a patch is available. As a temporary workaround, disabling the functionality related to this endpoint may help minimize the risk of exploitation.
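One way to check that such a restriction is holding, as an added example (not part of the advisory or the vendor's code): the script reviews web access logs for requests that resolve to the endpoint and separates those the server denied from those that reached the application. It assumes the Apache/nginx "combined" log format, and the log lines are constructed samples.

```python
import posixpath
import re
from urllib.parse import unquote

ENDPOINT = "/teach/course/doajaxfileupload.php"  # path named in the advisory

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2019:03:14:07 +0800] "POST /teach/course/doajaxfileupload.php HTTP/1.1" 200 57 "-" "-"',
    '198.51.100.23 - - [12/Jul/2019:03:15:10 +0800] "POST /teach//course/./DoAjaxFileUpload.php?x=1 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [12/Jul/2019:03:16:00 +0800] "GET /teach/course/index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [12/Jul/2019:03:17:30 +0800] "POST /teach/%63ourse/doajaxfileupload.php HTTP/1.1" 200 57 "-" "-"',
]

def normalize(target):
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode, collapse repeated slashes and dot segments, lower-case."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()

def review(lines):
    """Return (served, denied): lists of (ip, timestamp, method, status)
    for every logged request that resolves to the advisory's endpoint."""
    served, denied = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = normalize(m["target"])
        # Trailing path info after the script name may route to the same script.
        if path != ENDPOINT and not path.startswith(ENDPOINT + "/"):
            continue
        hit = (m["ip"], m["ts"], m["method"], int(m["status"]))
        # 401/403/404: the restriction (or removal) answered; else the app did.
        (denied if hit[3] in (401, 403, 404) else served).append(hit)
    return served, denied

if __name__ == "__main__":
    served, denied = review(SAMPLE_LOG)
    for ip, ts, method, status in served:
        print(f"REACHED APP  {ip} [{ts}] {method} -> {status}")
    print(f"{len(denied)} request(s) denied by the restriction")
```

Any entry in `served` dated after the restriction was deployed means a request variant still reaches the script and the access rule needs tightening.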
Exploit
Fix
OS Command Injection
Affected products
Sunnet Wmpro