← back
CVE-2019-13396

CVE-2019-13396

EPSS 62.6%
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/153626/FlightPath-Local-File-Inclusion.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47121unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://getflightpath.com/node/2650http://packetstormsecurity.com/files/153626/FlightPath-Local-File-Inclusion.html