CVE-2019-12725

Sažetak

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

Reference

https://zeroshell.org/blog/
https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html
http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-05-2021 - 18:15

Objavljeno

19-07-2019 - 23:15