PT-2019-14623 · Indexhibit · Indexhibit

Publicado

2019-09-14

Atualizado

2021-07-21

CVE-2019-16314

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Indexhibit version 2.1.5

Description The issue allows for a product reinstallation, which can result in remote code execution. This can be achieved via the "/ndxzstudio/install.php?p=2" API endpoint.

Recommendations For Indexhibit version 2.1.5, consider restricting access to the /ndxzstudio/install.php API endpoint to prevent reinstallation and potential remote code execution until a fix is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-16314

Produtos afetados

Indexhibit

PT-2019-14623 · Indexhibit · Indexhibit

CVE-2019-16314

Identificadores relacionados

Produtos afetados

Referências · 3