CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-14466

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.1%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 5.5

References

https://github.com/gosa-project/gosa-core/pull/29
https://lists.debian.org/debian-lts-announce/2019/08/msg00039.html
https://github.com/gosa-project/gosa-core/pull/29
https://lists.debian.org/debian-lts-announce/2019/08/msg00039.html

Products affected by CVE-2019-14466

Gosa Project » Gosa » Version: 2.7.5.2

cpe:2.3:a:gosa_project:gosa:2.7.5.2
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-14466

Products

Pricing

Contact Us