CVE-2019-16113

EPSS 78.0%

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 15

githubgithub.com/cybervaca/CVE-2019-16113★ 13 githubgithub.com/hg8/CVE-2019-16113-PoC★ 5 githubgithub.com/ynots0ups/CVE-2019-16113★ 5 githubgithub.com/mind2hex/CVE-2019-16113-Bludit-3.9.2-RCE★ 1 githubgithub.com/DXY0411/CVE-2019-16113★ 0 githubgithub.com/m4rm0k/CVE-2019-16113★ 0 githubgithub.com/tronghoang89/cve-2019-16113★ 0 githubgithub.com/Kenun99/CVE-2019-16113-Dockerfile★ 0 githubgithub.com/dldygnl/CVE-2019-16113★ 0 exploitdbwww.exploit-db.com/exploits/48568no verificado cve_referencepacketstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.htmlno verificado cve_referencepacketstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.htmlno verificado exploitdbwww.exploit-db.com/exploits/48701no verificado exploitdbwww.exploit-db.com/exploits/47699no verificado cve_referencepacketstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.html http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html https://github.com/bludit/bludit/issues/1081