PT-2019-18970 · Unknown · Upload-Image-With-Ajax

Larry W. Cashdollar

Published

2019-12-23

Updated

2020-01-02

CVE-2019-8293

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions upload-image-with-ajax version 1.0

Description A logic error in the code allows arbitrary files to be uploaded to the web root, enabling code execution.

Recommendations For upload-image-with-ajax version 1.0, consider disabling the file upload functionality until a patch is available to prevent arbitrary file uploads and potential code execution.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-8293

Affected Products

Upload-Image-With-Ajax

PT-2019-18970 · Unknown · Upload-Image-With-Ajax

CVE-2019-8293

Weakness Enumeration

Related Identifiers

Affected Products

References · 4