Vulnerability Description
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symphonyextensions | Rich Text Formatter | <= 1.1.1 |
Related Weaknesses (CWE)
References
- http://symphonyextensions.com/extensions/richtext_redactor/ (Release Notes)
- https://blog.contentsecurity.com.au/redactor-unrestricted-file-upload (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-13187?
CVE-2019-13187 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
How severe is CVE-2019-13187?
CVE-2019-13187 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-13187?
Check the references section above for vendor advisories and patch information. Affected products include: Symphonyextensions Rich Text Formatter.