The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.
References
Link | Resource |
---|---|
http://surl.twcert.org.tw/hLFFM | Broken Link |
https://gist.github.com/tonykuo76/476164af9bc672281b9a3394f01c17f0 | Exploit Third Party Advisory |
https://tvn.twcert.org.tw/taiwanvn/TVN-201906001 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2019-07-01T00:00:00
Updated: 2019-07-11T18:22:06
Reserved: 2019-04-09T00:00:00
Link: CVE-2019-11062
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-11T19:15:12.860
Modified: 2023-03-01T16:33:07.720
Link: CVE-2019-11062
JSON object: View
Redhat Information
No data.
CWE