Security Advisory

CVE-2019-12185

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-05-19 23:05:41

Last updated 2024-08-04 23:10:30

Assigner mitre

State PUBLISHED

Description

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

← Browse all CVEs View on cve.org ↗