CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11062

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.056

EPSS Ranking 89.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://surl.twcert.org.tw/hLFFM
https://gist.github.com/tonykuo76/476164af9bc672281b9a3394f01c17f0
https://tvn.twcert.org.tw/taiwanvn/TVN-201906001
http://surl.twcert.org.tw/hLFFM
https://gist.github.com/tonykuo76/476164af9bc672281b9a3394f01c17f0
https://tvn.twcert.org.tw/taiwanvn/TVN-201906001

Products affected by CVE-2019-11062

Sun.net » Wmpro » Version: 5.0

cpe:2.3:a:sun.net:wmpro:5.0
Sun.net » Wmpro » Version: 5.1

cpe:2.3:a:sun.net:wmpro:5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11062

Products

Pricing

Contact Us