Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html | Third Party Advisory, VDB Entry |
| https://community.jalios.com/jcms/frt_74021/en/blog-jalios-community | Release Notes |
| https://github.com/ricardojoserf/CVE-2019-19033 | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-21T17:53:02
Updated: 2019-11-21T22:48:53
Reserved: 2019-11-17T00:00:00
Link: CVE-2019-19033
NVD Information
Status: Analyzed
Published: 2019-11-21T18:15:12.070
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-19033
Redhat Information
No data.
CWE