PT-2019-19303 · Tiny+1 · Tiny Issue+1
Mrfko
Published: 2019-02-22 · Updated: 2021-07-21
CVE-2019-9002
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tiny Issue versions 1.3.1 through 1.3.2c
pixeline Bugs versions 1.3.1 through 1.3.2c
Description
Remote attackers can execute arbitrary PHP code via the database host parameter in the install/config-setup.php file if the installer remains present in its original directory after installation is completed.
Recommendations
For Tiny Issue versions 1.3.1 through 1.3.2c, remove the installer from its original directory after installation is completed to prevent exploitation.
For pixeline Bugs versions 1.3.1 through 1.3.2c, remove the installer from its original directory after installation is completed to prevent exploitation.
Exploit
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Tiny Issue
Pixeline Bugs