Vulnerability Details CVE-2019-10863
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.197
EPSS Ranking 95.1%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- https://pentest.com.tr/exploits/TeemIp-IPAM-2-4-0-new-config-Command-Injection-Metasploit.html
- https://www.exploit-db.com/exploits/46641
- https://www.exploit-db.com/exploits/46641/
- https://pentest.com.tr/exploits/TeemIp-IPAM-2-4-0-new-config-Command-Injection-Metasploit.html
- https://www.exploit-db.com/exploits/46641
- https://www.exploit-db.com/exploits/46641/