CVE-2019-10863

HIGH

TeemIp < 2.4.0 - Remote Code Execution via exec.php new_config Parameter

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10863. PoCs published by AkkuS.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in TeemIp IPAM versions prior to 2.4.0 by injecting PHP payloads via the 'new_config' parameter in 'exec.php'. It requires authentication and executes arbitrary commands on the target system.

Description

A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.

Exploits (1)

exploitdb WORKING POC
by AkkuS · ruby · remote · php
https://www.exploit-db.com/exploits/46641

Classification
Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TeemIp IPAM < 2.4.0
Auth required
Prerequisites: Valid credentials for TeemIp IPAM · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46641/
Exploit, Patch, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46641

Scores

CVSS v3 7.2
EPSS 0.1115
EPSS Percentile 93.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-94
Status published
Products (1)
combodo/teemip < 2.4.0
Published Apr 04, 2019
Tracked Since Feb 18, 2026