Vulnerability Details CVE-2019-14521
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.html
- https://energylogserver.pl/en/
- https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7
- https://github.com/emca-it/Energy-Log-Server-6.x/commits/master
- https://energy-log-server-6x.readthedocs.io/en/latest/CHANGELOG.html
- https://energylogserver.pl/en/
- https://gist.github.com/ahpaleus/effb46d4a9d9c2b9a452c98f64ddc2c7
- https://github.com/emca-it/Energy-Log-Server-6.x/commits/master
Products affected by CVE-2019-14521
-
cpe:2.3:a:emca:energy_logserver:6.1.2