Lucene search
PRIOn knowledge basePRION:CVE-2018-19135HistoryNov 11, 2018 - 4:29 a.m.
Design/Logic Flaw
2018-11-1104:29:00
PRIOn knowledge base
www.prio-n.com
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the “/assets/files” directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| clippercms | eq | 1.3.3 |
Related
exploitpack
exploitpack
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
2018-11-13 00:00:00
cve
cve
CVE-2018-19135
2018-11-11 04:29:00
zdt
zdt
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Vulnerability
2018-11-14 00:00:00
osv
osv
CVE-2018-19135
2018-11-11 04:29:00
cvelist
cvelist
CVE-2018-19135
2018-11-11 04:00:00
nvd
nvd
CVE-2018-19135
2018-11-11 04:29:00
packetstorm
packetstorm
ClipperCMS 1.3.3 Cross Site Request Forgery
2018-11-14 00:00:00
exploitdb
exploitdb
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
2018-11-13 00:00:00