Vulnerability Description
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maleck | Image Uploader And Browser For Ckeditor | < 4.1.9 |
Related Weaknesses (CWE)
References
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/commit/c293d38c8Patch
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/compare/4.1.8...Third Party Advisory
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11Third Party Advisory
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11/commits/Patch
- https://visat.me/security/cve-2019-19502/
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/commit/c293d38c8Patch
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/compare/4.1.8...Third Party Advisory
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11Third Party Advisory
- https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/pull/11/commits/Patch
- https://visat.me/security/cve-2019-19502/
FAQ
What is CVE-2019-19502?
CVE-2019-19502 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
How severe is CVE-2019-19502?
CVE-2019-19502 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19502?
Check the references section above for vendor advisories and patch information. Affected products include: Maleck Image Uploader And Browser For Ckeditor.