Lucene search
MitreCVELIST:CVE-2019-11447HistoryApr 22, 2019 - 4:01 a.m.
CVE-2019-11447
2019-04-2204:01:27
mitre
www.cve.org
8
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Related
exploitdb
exploitdb
CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)
2019-04-15 00:00:00
CuteNews 2.1.2 - Remote Code Execution
2020-09-10 00:00:00
githubexploit
githubexploit
attackerkb
attackerkb
CVE-2019-11447
2019-04-22 00:00:00
nvd
nvd
CVE-2019-11447
2019-04-22 11:29:06
packetstorm
packetstorm
CuteNews 2.1.2 Shell Upload
2021-03-17 00:00:00
CuteNews 2.1.2 Remote Code Execution
2020-09-10 00:00:00
zdt
zdt
CuteNews 2.1.2 Shell Upload Exploit
2021-03-18 00:00:00
checkpoint_advisories
checkpoint_advisories
CutePHP Cutenews Remote Code Execution (CVE-2019-11447)
2020-09-29 00:00:00
prion
prion
Design/Logic Flaw
2019-04-22 11:29:00
cve
cve
CVE-2019-11447
2019-04-22 11:29:06
wallarmlab
wallarmlab