CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11401

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.025

EPSS Ranking 84.6%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://github.com/siteserver/cms/issues/1858
https://github.com/siteserver/cms/issues/1858

Products affected by CVE-2019-11401

Siteserver » Siteserver Cms » Version: 6.9.0

cpe:2.3:a:siteserver:siteserver_cms:6.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11401

Products

Pricing

Contact Us