MitreCVE-2019-19502CVE-2019-19502
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
77.4%
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| maleck | image_uploader_and_browser_for_ckeditor | * | cpe:2.3:a:maleck:image_uploader_and_browser_for_ckeditor:*:*:*:*:*:*:*:* |
References
github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/commit/c293d38c8b99444e775d94c1af50c9676c6544d2
github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/compare/4.1.8...v4.1.9
github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11
github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11/commits/5c7a6b0e10504f08e2f50655541b767e276ce749
visat.me/security/cve-2019-19502/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
77.4%