CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-10759

The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://blog.ripstech.com/2016/precurio-remote-command-execution-via-xinha-plugin/
https://demo.ripstech.com/projects/precurio_2.1
https://blog.ripstech.com/2016/precurio-remote-command-execution-via-xinha-plugin/
https://demo.ripstech.com/projects/precurio_2.1

Products affected by CVE-2016-10759

Precurio » Precurio » Version: 2.1

cpe:2.3:a:precurio:precurio:2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-10759

Products

Pricing

Contact Us