CVE-2019-7692

install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder.
References
Link Resource
https://github.com/AvaterXXX/CVEs/blob/master/cim.md#getshell Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cim_project:cim:0.9.3:*:*:*:*:*:*:*

Information

Published : 2019-02-10 08:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-7692

Mitre link : CVE-2019-7692


JSON object : View

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

dedicated server usa

Products Affected

cim_project

  • cim