Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-08T20:50:28
Updated: 2024-08-05T01:03:32.768Z
Reserved: 2019-09-08T00:00:00
Link: CVE-2019-16113
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-08T21:15:10.617
Modified: 2024-11-21T04:30:04.363
Link: CVE-2019-16113
Redhat
No data.