Vulnerability Description
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alkacon | OpenCMS | <= 10.5.4 |
Related Weaknesses (CWE)
References
- https://github.com/alkacon/opencms-core/issues/636 (Exploit, Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2019/05/05/2 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2019-11819?
CVE-2019-11819 is a vulnerability with a CVSS score of 7.8 (HIGH). Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
How severe is CVE-2019-11819?
CVE-2019-11819 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-11819?
Check the references section above for vendor advisories and patch information. Affected products include: Alkacon OpenCMS.