Remote Command Execution Vulnerability in UltimatePOS by UltimatePOS Dev
CVE-2018-17139

8.8HIGH

Key Information:

Vendor: Ultimatefosters
Status: Ultimatepos
Vendor: CVE Published:; 17 September 2018

🔔 Create Ultimatefosters Vulnerability Alert

What is CVE-2018-17139?

UltimatePOS 2.5 contains a vulnerability that allows unauthorized users to upload arbitrary files, potentially leading to remote command execution. By sending a specially crafted request to the /products URI, an attacker can upload a PHP file disguised as an image (with a content type of image/jpeg), enabling the execution of arbitrary PHP code on the server. This security flaw may expose sensitive data and allow further attacks on the system, making it crucial for users to apply necessary patches and harden their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.exploit-db.com/exploits/45253/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2018
Vulnerability Reserved
Sep 17, 2018

JSON

Ultimatefosters

What is CVE-2018-17139?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.