CVE-2019-12725 — CRITICAL (9.8)

Vulnerability Description

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zeroshell	Zeroshell	3.9.0

Related Weaknesses (CWE)

CWE-78

References

http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execu
http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execu
https://www.tarlogic.com/advisories/zeroshell-rce-root.txtExploitThird Party Advisory
https://zeroshell.org/blog/Vendor Advisory
http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execu
http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execu
https://www.tarlogic.com/advisories/zeroshell-rce-root.txtExploitThird Party Advisory
https://zeroshell.org/blog/Vendor Advisory

FAQ

What is CVE-2019-12725?

CVE-2019-12725 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can expl...

How severe is CVE-2019-12725?

CVE-2019-12725 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-12725?

Check the references section above for vendor advisories and patch information. Affected products include: Zeroshell Zeroshell.