← volver
CVE-2019-18873

CVE-2019-18873

EPSS 8.2%
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
githubgithub.com/fuzzlove/FUDforum-XSS-RCE7exploitdbwww.exploit-db.com/exploits/47650no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/fuzzlove/FUDforum-XSS-RCEhttps://sourceforge.net/p/fudforum/code/6321/