How severe is CVE-2019-19141?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-19141?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2019-19141 - HIGH Severity | CVSS 8.8

Vulnerability Description

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.

Related Vulnerabilities

CVE-2009-0244

HIGH

CVSS:8.8(High)

Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone E...

CWE-222009

CVE-2010-0012

HIGH

CVSS:8.8(High)

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within ...

CWE-222010

CVE-2013-4855

HIGH

CVSS:8.8(High)

D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.

CWE-222013

CVE-2013-7466

HIGH

CVSS:8.8(High)

Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present ...

CWE-222013

CVE-2014-5301

HIGH

CVSS:8.8(High)

Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.

CWE-222014

CVE-2014-5302

HIGH

CVSS:8.8(High)

Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to exe...

CWE-222014