CVE-2018-1000619

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.
References
Link Resource
https://drive.google.com/open?id=195h-LirGiIVKxioyusw3SvmLp8BljPxe Technical Description Third Party Advisory
https://www.ovidentia.org/index.php? Vendor Advisory
https://www.ovidentia.org/modules Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ovidentia:ovidentia:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-09 20:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-1000619

Mitre link : CVE-2018-1000619

CVE.ORG link : CVE-2018-1000619


JSON object : View

Products Affected

ovidentia

  • ovidentia
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type