Lucene search
Mehmet EmirogluPACKETSTORM:151763HistoryFeb 19, 2019 - 12:00 a.m.
Webiness Inventory 2.3 Arbitrary File Upload
2019-02-1900:00:00
Mehmet Emiroglu
packetstormsecurity.com
20
0.017 Low
EPSS
Percentile
88.0%
`===========================================================================================
# Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
# Dork: N/A
# Date: 10-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/
# Software Link: https://sourceforge.net/projects/webinessinventory/files/
# Version: 2.3
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: CVE-2019-8404
# Software Description: Small stock inventory managment application for web.
===========================================================================================
# POC:
# Sign in to admin panel. then go to the inventory tab.
Switch to the products tab and create a new product.
In product image, click the browse button and select a file.
https://i.hizliresim.com/OvrOOn.jpg
When you save the product, the script is loaded with the error file to
the server.
for example service unvailable
https://i.hizliresim.com/zjGqD4.jpg
path to the file we uploaded
https://i.hizliresim.com/XMbpp5.jpg
# http://localhost/[PATH]/runtime/ProductModel/[FILE]
===========================================================================================
`
Related
exploitpack
exploitpack
Webiness Inventory 2.3 - ProductModel Arbitrary File Upload
2019-02-18 00:00:00
cvelist
cvelist
CVE-2019-8404
2019-05-14 15:29:31
zdt
zdt
Webiness Inventory 2.3 - ProductModel Arbitrary File Upload Vulnerability
2019-02-18 00:00:00
cve
cve
CVE-2019-8404
2019-05-14 16:29:02
prion
prion
Design/Logic Flaw
2019-05-14 16:29:00
osv
osv
CVE-2019-8404
2019-05-14 16:29:02
nvd
nvd
CVE-2019-8404
2019-05-14 16:29:02
exploitdb
exploitdb
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
2019-02-18 00:00:00