Vulnerability Details CVE-2019-19020
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to have access to a valid web interface account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2019-19020
-
cpe:2.3:a:titanhq:webtitan:5.12
-
cpe:2.3:a:titanhq:webtitan:5.13
-
cpe:2.3:a:titanhq:webtitan:5.14
-
cpe:2.3:a:titanhq:webtitan:5.15
-
cpe:2.3:a:titanhq:webtitan:5.16
-
cpe:2.3:a:titanhq:webtitan:5.17