Vulnerability Details CVE-2019-9926
An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9926
- https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce/
- https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9926
- https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce/
Products affected by CVE-2019-9926
-
cpe:2.3:a:labkey:labkey_server:19.1.0