Lucene search
Mehmet EMIROGLU1337DAY-ID-32218HistoryFeb 18, 2019 - 12:00 a.m.
Webiness Inventory 2.3 - ProductModel Arbitrary File Upload Vulnerability
2019-02-1800:00:00
Mehmet EMIROGLU
0day.today
15
0.017 Low
EPSS
Percentile
88.0%
Exploit for php platform in category web applications
===========================================================================================
# Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/
# Software Link: https://sourceforge.net/projects/webinessinventory/files/
# Version: 2.3
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: CVE-2019-8404
# Software Description: Small stock inventory managment application for web.
===========================================================================================
# POC:
# Sign in to admin panel. then go to the inventory tab.
Switch to the products tab and create a new product.
In product image, click the browse button and select a file.
https://i.hizliresim.com/OvrOOn.jpg
When you save the product, the script is loaded with the error file to
the server.
for example service unvailable
https://i.hizliresim.com/zjGqD4.jpg
path to the file we uploaded
https://i.hizliresim.com/XMbpp5.jpg
# http://localhost/[PATH]/runtime/ProductModel/[FILE]
===========================================================================================
# 0day.today [2019-03-09] #Related
packetstorm
packetstorm
Webiness Inventory 2.3 Arbitrary File Upload
2019-02-19 00:00:00
exploitpack
exploitpack
Webiness Inventory 2.3 - ProductModel Arbitrary File Upload
2019-02-18 00:00:00
cvelist
cvelist
CVE-2019-8404
2019-05-14 15:29:31
cve
cve
CVE-2019-8404
2019-05-14 16:29:02
prion
prion
Design/Logic Flaw
2019-05-14 16:29:00
osv
osv
CVE-2019-8404
2019-05-14 16:29:02
nvd
nvd
CVE-2019-8404
2019-05-14 16:29:02
exploitdb
exploitdb
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
2019-02-18 00:00:00