Vulnerability Description
In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ens | Webgalamb | <= 7.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSSExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2019/Jan/15ExploitMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSSExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2019/Jan/15ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2018-19514?
CVE-2018-19514 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions o...
How severe is CVE-2018-19514?
CVE-2018-19514 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-19514?
Check the references section above for vendor advisories and patch information. Affected products include: Ens Webgalamb.