liquidsky (Joseph McPeters) - Security Researcher

CVE-2019-12185 NOMISEC HIGH WORKING POC

eLabFTW 1.8.5 - Command Injection

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

7 stars

CVSS 8.8

View Code

CVE-2019-12170 NOMISEC HIGH WRITEUP

ATutor <2.2.4 - RCE

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

2 stars

CVSS 8.8

View Code

CVE-2019-12185 GITLAB HIGH WORKING POC

eLabFTW 1.8.5 - Command Injection

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

CVSS 8.8

View Code

CVE-2019-12170 GITLAB HIGH WRITEUP

ATutor <2.2.4 - RCE

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

CVSS 8.8

View Code