Vulnerability Details CVE-2019-8293
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2019/12/23/2
- https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c
- http://www.openwall.com/lists/oss-security/2019/12/23/2
- https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c
Products affected by CVE-2019-8293
-
cpe:2.3:a:abcprintf:upload-image-with-ajax:1.0