PT-2019-15761 · Titanhq · Webtitan

Published: 2019-12-02 · Updated: 2019-12-09 · CVE-2019-19020

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: TitanHQ WebTitan versions prior to 5.18

Description: An issue in the administration web interface allows an attacker to upload a crafted backup file, enabling the execution of arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.

Recommendations: For versions prior to 5.18, update to version 5.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface and limiting the ability to upload files to prevent potential exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-19020

Affected Products

Webtitan