CVE-2019-11021
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site."
SSVC
- Decision: Track*
Timeline
- 2019-04-08 CVE Reserved
- 2019-10-24 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-17 EPSS Updated
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
References (5)
URL | Tag | Source |
---|---|---|
https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce | Broken Link | |
https://vuldb.com/?id.144129 | X_refsource_misc | |
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021 | X_refsource_misc | |
https://www.schlix.com/html/schlix-cms-downloads.html | Product | |
https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html | X_refsource_misc | |