PT-2021-9038 · Viki Vera · Viki Vera

Published

2021-01-05

Updated

2021-07-21

CVE-2019-20484

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Viki Vera version 4.9.1.26180

Description An issue allows a user without access to a project to download or upload project files by directly opening the Project URL in the browser after logging in.

Recommendations For Viki Vera version 4.9.1.26180, consider restricting direct access to project URLs for unauthorized users as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-425

Related Identifiers

CVE-2019-20484

Affected Products

Viki Vera

PT-2021-9038 · Viki Vera · Viki Vera

CVE-2019-20484

Weakness Enumeration

Related Identifiers

Affected Products

References · 4