Vulners
Lucene search
CVE-2019-15954
🗓️ 05 Sep 2019 18:31:43Reported by mitreType 
cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 127 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Total.js CMS 12 - Widget JavaScript Code Injection Exploit | 22 Oct 201900:00 | – | zdt |
 | CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution | 5 Sep 201900:00 | – | attackerkb |
 | CVE-2019-15954 | 21 Oct 201920:43 | – | circl |
 | Total.js CMS Command Injection Vulnerability | 6 Sep 201900:00 | – | cnvd |
 | CVE-2019-15954 | 5 Sep 201918:31 | – | cvelist |
 | Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit) | 22 Oct 201900:00 | – | exploitdb |
 | Total.js CMS RCE Vulnerability | 24 May 202216:55 | – | github |
 | Total.js CMS 12 Widget JavaScript Code Injection | 15 Oct 201915:11 | – | metasploit |
 | CVE-2019-15954 | 5 Sep 201919:16 | – | nvd |
 | GHSA-V287-9W3V-X5C5 Total.js CMS RCE Vulnerability | 24 May 202216:55 | – | osv |
10
Node
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| name | request body | admin/api/login/admin | Login endpoint used to obtain admin authentication to perform widget creation for exploit. | CWE-862 |
| password | request body | admin/api/login/admin | Login endpoint used to obtain admin authentication to perform widget creation for exploit. | CWE-862 |
| name | request body | admin/api/widgets | Create widget with malicious payload in the widget body leading to server-side code execution. | CWE-862 |
| category | request body | admin/api/widgets | Create widget with malicious payload in the widget body leading to server-side code execution. | CWE-862 |
| body | request body | admin/api/widgets | Create widget with malicious payload in the widget body leading to server-side code execution. | CWE-862 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Nov 2024 04:29Current
8.7High risk
Vulners AI Score8.7
CVSS 29
CVSS 3.19.9
EPSS0.56909