CRITICAL🇵🇱 Wersja polska

CVE-2018-19586

CVSS 9.9v3.0pub. 2019-04-09upd. 2024-11-21

Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Silverpeas

    APP
    Silverpeas
    5.15 – 6.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-42850CRITICAL9.8PL ✓ten sam produkt

Silverpeas – pomijanie wymagań złożoności hasła przy jego zmianie

CVE-2024-36042CRITICAL9.8PL ✓ten sam produkt

Silverpeas – pominięcie hasła umożliwia dostęp jako superadmin (Auth Bypass)

CVE-2024-48814HIGH7.5ten sam produkt

SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via t...

CVE-2023-47322HIGH8.8ten sam produkt

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading t...

CVE-2023-47320HIGH8.1ten sam produkt

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to ex...