How severe is CVE-2019-19373?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-19373?

This is classified as CWE-502, which is a common weakness in software security.

CVE-2019-19373 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution.

Related Vulnerabilities

CVE-2016-4483

HIGH

CVSS:7.5(High)

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute ...

CWE-5022016

CVE-2017-1000195

HIGH

CVSS:7.5(High)

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.

CWE-5022017

CVE-2017-15693

HIGH

CVSS:7.5(High)

In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:W...

CWE-5022017

CVE-2017-8804

HIGH

CVSS:7.5(High)

The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual ...

CWE-5022017

CVE-2017-9844

HIGH

CVSS:7.5(High)

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP S...

CWE-5022017

CVE-2018-0824

HIGH

CVSS:7.5(High)

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." Th...

CWE-5022018