CVE-2019-10647

CRITICAL Year: 2019
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-434
View all →

Vulnerability Description

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file).

Related Vulnerabilities

CVE-2010-1433

CRITICAL
CVSS:9.8(Critical)

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to ...

CWE-4342010

CVE-2011-10004

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to u...

CWE-4342011

CVE-2011-1134

CRITICAL
CVSS:9.8(Critical)

Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.

CWE-4342011

CVE-2011-4906

CRITICAL
CVSS:9.8(Critical)

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

CWE-4342011

CVE-2011-4908

CRITICAL
CVSS:9.8(Critical)

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.

CWE-4342011

CVE-2012-2226

CRITICAL
CVSS:9.8(Critical)

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.

CWE-4342012