Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
References
Link | Resource |
---|---|
https://pentest.com.tr/exploits/Feng-Office-3-7-0-5-Unauthenticated-Remote-Command-Execution-Metasploit.html | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/46471 | Exploit VDB Entry Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-03-07 05:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-9623
Mitre link : CVE-2019-9623
CVE.ORG link : CVE-2019-9623
JSON object : View
Products Affected
fengoffice
- feng_office
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type