PT-2019-15764 · Jalios · Jalios JCMS

Ricardojoserf · Published 2019-11-21 · Updated 2020-08-24 · CVE-2019-19033

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jalios JCMS version 10

Description: The issue allows an attacker to access any part of the website and the WebDAV server with administrative privileges through a backdoor account: authentication succeeds with any username combined with a hardcoded dev password.

Recommendations: For Jalios JCMS version 10, change the hardcoded dev password to prevent unauthorized access. Consider disabling the backdoor account until a permanent fix is available. Restrict access to the WebDAV server to minimize the risk of exploitation.

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2019-19033

Affected Products: Jalios JCMS