PT-2019-17649 · Morgan · Morgan

Cris_Semmle

·

Publicado

2019-03-17

·

Atualizado

2019-10-09

·

CVE-2019-5413

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions morgan versions prior to 1.9.1
Description The issue allows an attacker to inject arbitrary commands. This can occur when user input is allowed into the filter or combined with a prototype pollution attack.
Recommendations For versions prior to 1.9.1, update to version 1.9.1 or later.

Exploit

Correção

Code Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-77

Identificadores relacionados

CVE-2019-5413
GHSA-GWG9-RGVJ-4H5J

Produtos afetados

Morgan