PT-2019-18705 · Php · Cim
Published: 2019-02-10 · Updated: 2020-08-24 · CVE-2019-7692
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CIM version 0.9.3
Description
The issue allows remote attackers to execute arbitrary PHP code via a crafted prefix value due to configuration file mishandling. This can be achieved by creating a .php file in the public folder, for example, through a call to the PHP fputs function.
Recommendations
For CIM version 0.9.3, update to a newer version that addresses the configuration file mishandling issue to prevent remote attackers from executing arbitrary PHP code.
Exploit
Fix
Code Injection
Affected Products
Cim