PT-2020-10069 · Dext5 · Dext5 Upload
Donghyun +1 · Published 2020-05-07 · Updated 2021-10-29 · CVE-2019-19164
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dext5 Upload versions 5.0.0.112 and earlier
Description
The vulnerability allows remote files to be executed by setting the arguments of an ActiveX method. A remote attacker could induce a user to visit a crafted web page, causing damage such as malicious code infection.
Recommendations
For versions 5.0.0.112 and earlier, consider disabling the ActiveX control to prevent remote file execution until a patch is available. Restrict access to the dext5.ocx ActiveX Control to minimize the risk of exploitation. Avoid using the affected ActiveX method in web pages until the issue is resolved.
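To act on these recommendations, a host audit can list every registered copy of dext5.ocx, compare its file version with 5.0.0.112, and show whether the Internet Explorer kill bit is already set for its CLSID. The script below is an added example, not vendor or advisory code. The function name `Get-Dext5Registration` is hypothetical, and the script assumes an elevated 64-bit PowerShell 5 or later session and a control registered under `InprocServer32`.

```powershell
# Added example: defensive audit only; it reads the registry and changes nothing.
$MaxAffected = [version]'5.0.0.112'   # highest affected version per the advisory
$KillBit     = 0x400                  # "Compatibility Flags" bit that blocks a control in IE
# Pair each COM registration view with the IE compatibility key of the same bitness.
$Views = @(
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

function Get-Dext5Registration {
    foreach ($view in $Views) {
        foreach ($key in Get-ChildItem -Path $view.Clsid -ErrorAction SilentlyContinue) {
            # Read the default value of InprocServer32 (the path of the control's binary).
            try {
                $sub = $key.OpenSubKey('InprocServer32')
                if (-not $sub) { continue }
                $raw = [string]$sub.GetValue('')
                $sub.Close()
            } catch { continue }      # unreadable key: skip it
            $path = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            if ($path -notmatch '(^|\\)dext5\.ocx$') { continue }

            # Build the version from numeric parts; FileVersion strings vary in format.
            $ver = $null
            if (Test-Path -LiteralPath $path) {
                $vi  = (Get-Item -LiteralPath $path).VersionInfo
                $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                      $vi.FileBuildPart, $vi.FilePrivatePart)
            }
            $compatKey = Join-Path $view.Compat $key.PSChildName
            $flags = (Get-ItemProperty -LiteralPath $compatKey -ErrorAction SilentlyContinue).'Compatibility Flags'

            [pscustomobject]@{
                Clsid      = $key.PSChildName
                Path       = $path
                Version    = $ver
                # An unreadable or missing file is reported as affected so it gets reviewed.
                Affected   = ($null -eq $ver) -or ($ver -le $MaxAffected)
                KillBitSet = [bool]($flags -band $KillBit)
            }
        }
    }
}

Get-Dext5Registration | Format-Table -AutoSize
```

Any row with `Affected` true and `KillBitSet` false is a control that Internet Explorer will still instantiate; setting `Compatibility Flags` to `0x400` under the matching `ActiveX Compatibility\{CLSID}` key disables it there.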
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Dext5 Upload