Lucene search
GoogleOSV:GHSA-73XJ-V6GC-G5P5HistoryMay 13, 2022 - 1:10 a.m.
Subrion CMS RCE Vulnerability
2022-05-1301:10:00
Google
osv.dev
9
0.845 High
EPSS
Percentile
98.5%
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
References
packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html
github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab
github.com/intelliants/subrion/issues/801
nvd.nist.gov/vuln/detail/CVE-2018-19422
Related
packetstorm
packetstorm
Subrion CMS 4.2.1 Shell Upload
2021-05-17 00:00:00
Intelliants Subrion CMS 4.2.1 Remote Code Execution
2023-08-04 00:00:00
veracode
veracode
Arbitrary Code Execution
2018-11-23 01:41:11
checkpoint_advisories
checkpoint_advisories
Subrion CMS Remote Code Execution (CVE-2018-19422)
2021-05-27 00:00:00
github
github
Subrion CMS RCE Vulnerability
2022-05-13 01:10:00
prion
prion
Design/Logic Flaw
2018-11-21 21:29:00
zdt
zdt
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) Exploit
2021-05-17 00:00:00
Intelliants Subrion CMS 4.2.1 Remote Code Execution Exploit
2023-08-08 00:00:00
cve
cve
CVE-2018-19422
2018-11-21 21:29:00
osv
osv
CVE-2018-19422
2018-11-21 21:29:00
cvelist
cvelist
CVE-2018-19422
2018-11-21 00:00:00
nvd
nvd
CVE-2018-19422
2018-11-21 21:29:00
exploitdb
exploitdb
Subrion CMS 4.2.1 - Arbitrary File Upload
2021-05-17 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-08-04 19:03:43
kitploit
kitploit
FUSE - A Penetration Testing Tool For Finding File Upload Bugs
2021-10-10 20:30:00