PT-2019-19014 · Webiness · Webiness Inventory
Mehmet Emiroglu
·
Publicado
2019-05-14
·
Atualizado
2019-05-22
·
CVE-2019-8404
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Webiness Inventory version 2.3
Description
An issue in the ProductModel component allows for Arbitrary File Upload through a crafted product image during new product creation. This enables an attacker to steal site information using an installed executable file or modify page contents.
Recommendations
For Webiness Inventory version 2.3, consider disabling the product image upload feature in the ProductModel component until a patch is available to prevent Arbitrary File Upload. Restrict access to the product creation functionality to minimize the risk of exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webiness Inventory