Remote Code Execution Vulnerability in Bludit by Bludit Team
CVE-2019-12548

8.8HIGH

Key Information:

Vendor

Bludit

Status
Bludit
Vendor
CVE Published:
3 June 2019

What is CVE-2019-12548?

A security flaw in Bludit prior to version 3.9.0 permits authenticated users to execute arbitrary PHP code remotely. This occurs through a vulnerability that allows the upload of PHP files when changing the logo via the admin interface at /admin/ajax/upload-logo. Exploiting this vulnerability could enable malicious actors to gain control of the affected system, potentially compromising sensitive data and operations.

References

https://github.com/bludit/bludit/compare/5e5957c...77e85e7
x_refsource_MISC
https://github.com/bludit/bludit/releases/tag/3.9.0
x_refsource_CONFIRM
https://github.com/bludit/bludit/commit/d0843a4070c7d7fa5...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.