Vulnerability Details CVE-2019-11028
GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/152643/GAT-Ship-Web-Module-Unrestricted-File-Upload.html
- http://seclists.org/fulldisclosure/2019/Apr/33
- https://seclists.org/fulldisclosure/2019/Apr/14
- https://vuldb.com/?id.133141
- http://packetstormsecurity.com/files/152643/GAT-Ship-Web-Module-Unrestricted-File-Upload.html
- http://seclists.org/fulldisclosure/2019/Apr/33
- https://seclists.org/fulldisclosure/2019/Apr/14
- https://vuldb.com/?id.133141
Products affected by CVE-2019-11028
-
cpe:2.3:a:gatship:web_module:-
-
cpe:2.3:a:gatship:web_module:1.30
-
cpe:2.3:a:gatship:web_module:1.39