Vulnerability Details CVE-2019-13396
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.6
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2019-13396
-
cpe:2.3:a:getflightpath:flightpath:4.0
-
cpe:2.3:a:getflightpath:flightpath:4.1
-
cpe:2.3:a:getflightpath:flightpath:4.2
-
cpe:2.3:a:getflightpath:flightpath:4.2.1
-
cpe:2.3:a:getflightpath:flightpath:4.2.2
-
cpe:2.3:a:getflightpath:flightpath:4.2.3
-
cpe:2.3:a:getflightpath:flightpath:4.3
-
cpe:2.3:a:getflightpath:flightpath:4.3.1
-
cpe:2.3:a:getflightpath:flightpath:4.3.2
-
cpe:2.3:a:getflightpath:flightpath:4.3.3
-
cpe:2.3:a:getflightpath:flightpath:4.4
-
cpe:2.3:a:getflightpath:flightpath:4.4.1
-
cpe:2.3:a:getflightpath:flightpath:4.4.2
-
cpe:2.3:a:getflightpath:flightpath:4.4.3
-
cpe:2.3:a:getflightpath:flightpath:4.4.4
-
cpe:2.3:a:getflightpath:flightpath:4.4.4.1
-
cpe:2.3:a:getflightpath:flightpath:4.4.5
-
cpe:2.3:a:getflightpath:flightpath:4.4.6
-
cpe:2.3:a:getflightpath:flightpath:4.5
-
cpe:2.3:a:getflightpath:flightpath:4.5.1
-
cpe:2.3:a:getflightpath:flightpath:4.6
-
cpe:2.3:a:getflightpath:flightpath:4.6.1
-
cpe:2.3:a:getflightpath:flightpath:4.7
-
cpe:2.3:a:getflightpath:flightpath:4.7.1
-
cpe:2.3:a:getflightpath:flightpath:4.7.2
-
cpe:2.3:a:getflightpath:flightpath:4.7.2.1
-
cpe:2.3:a:getflightpath:flightpath:4.8
-
cpe:2.3:a:getflightpath:flightpath:4.8.1
-
cpe:2.3:a:getflightpath:flightpath:4.8.2
-
cpe:2.3:a:getflightpath:flightpath:4.8.3
-
cpe:2.3:a:getflightpath:flightpath:5.0