PT-2019-9844 · Webgalamb · Webgalamb

Daniel Jones

Published

2019-03-17

Updated

2019-03-22

CVE-2018-19512

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Webgalamb versions prior to 7.0

Description A directory traversal vulnerability in system/ajax.php could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. The issue is related to the "wgmfile restore" functionality.

Recommendations For versions prior to 7.0, consider restricting access to the system/ajax.php endpoint, specifically the "wgmfile restore" functionality, until a patch is available. As a temporary workaround, avoid using the "wgmfile restore" feature to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-19512

Affected Products

Webgalamb

PT-2019-9844 · Webgalamb · Webgalamb

CVE-2018-19512

Weakness Enumeration

Related Identifiers

Affected Products

References · 4