CVE-2019-10863

A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
References
Link Resource
https://www.exploit-db.com/exploits/46641 Exploit Patch Third Party Advisory VDB Entry
https://pentest.com.tr/exploits/TeemIp-IPAM-2-4-0-new-config-Command-Injection-Metasploit.html Exploit Patch Third Party Advisory
https://www.exploit-db.com/exploits/46641/ Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:combodo:teemip:*:*:*:*:*:*:*:*

Information

Published : 2019-04-04 11:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-10863

Mitre link : CVE-2019-10863


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

combodo

  • teemip