2 matches found
CVE-2019-7692
CVE-2019-7692 affects CIM 0.9.3 where install/install.php mishandles configuration when N=83. This allows remote attackers to execute arbitrary PHP code by supplying a crafted prefix value, demonstrated by a call to fputs that creates a .php file in the public folder. Root cause is misconfigurati...
CVE-2018-20614
CVE-2018-20614 affects CIM 0.9.3; publicly reachable endpoint public/install/#/step3 enables remote reload of the product via public/install/. Root cause: web path handling in public/install allows unauthenticated access to trigger a reload action. Impact is defined as remote reload capability, w...