Vulnerability Details CVE-2019-6503
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References