Lucene search
PRIOn knowledge basePRION:CVE-2019-15954HistorySep 05, 2019 - 7:16 p.m.
Command injection
2019-09-0519:16:00
PRIOn knowledge base
www.prio-n.com
1
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
| CPE | Name | Operator | Version |
|---|---|---|---|
| total.js_cms | eq | 12.0.0 |
Related
zdt
zdt
Total.js CMS 12 - Widget JavaScript Code Injection Exploit
2019-10-22 00:00:00
nvd
nvd
CVE-2019-15954
2019-09-05 19:16:32
CVE-2020-9381
2020-02-24 22:15:12
cvelist
cvelist
CVE-2019-15954
2019-09-05 18:31:43
CVE-2020-9381
2020-02-24 21:25:54
cve
cve
CVE-2019-15954
2019-09-05 19:16:32
CVE-2020-9381
2020-02-24 22:15:12
attackerkb
attackerkb
CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution
2019-09-05 00:00:00
osv
osv
Total.js CMS RCE Vulnerability
2022-05-24 16:55:31
CVE-2020-9381
2020-02-24 22:15:12
github
github
Total.js CMS RCE Vulnerability
2022-05-24 16:55:31
packetstorm
packetstorm
Total.js CMS 12 Widget JavaScript Code Injection
2019-10-21 00:00:00
prion
prion
Design/Logic Flaw
2020-02-24 22:15:00