PT-2019-16809 · Wallace · Wallacepos

Published

2019-07-31

Updated

2019-08-06

CVE-2019-3960

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WallacePOS version 1.4.3

Description The issue allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file due to the unrestricted upload of files with dangerous types.

Recommendations For WallacePOS version 1.4.3, consider restricting file uploads to only allow safe file types and implement proper validation and sanitization of uploaded files to prevent the execution of arbitrary code.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-3960

Affected Products

Wallacepos

PT-2019-16809 · Wallace · Wallacepos

CVE-2019-3960

Weakness Enumeration

Related Identifiers

Affected Products

References · 3