CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-10272

An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://expzh.com/Weaver-e-cology9.0-CRLF-Injection.pdf
https://www.weaver.com.cn/cs/securityDownload.asp
https://expzh.com/Weaver-e-cology9.0-CRLF-Injection.pdf
https://www.weaver.com.cn/cs/securityDownload.asp

Products affected by CVE-2019-10272

Weaver » E-Cology » Version: 9.0

cpe:2.3:a:weaver:e-cology:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10272

Products

Pricing

Contact Us