PT-2019-14623 · Indexhibit · Indexhibit

Published

2019-09-14

Updated

2021-07-21

CVE-2019-16314

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Indexhibit version 2.1.5

Description The issue allows for a product reinstallation, which can result in remote code execution. This can be achieved via the "/ndxzstudio/install.php?p=2" API endpoint.

Recommendations For Indexhibit version 2.1.5, consider restricting access to the /ndxzstudio/install.php API endpoint to prevent reinstallation and potential remote code execution until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-16314

Affected Products

Indexhibit

PT-2019-14623 · Indexhibit · Indexhibit

CVE-2019-16314

Related Identifiers

Affected Products

References · 3