CVE-2019-10863

HIGH

Combodo TeemIp < 2.4.0 - Code Injection

Title source: rule

Description

A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.

Exploits (1)

exploitdb WORKING POC
by AkkuS · ruby · remote · php
https://www.exploit-db.com/exploits/46641

Scores

CVSS v3 7.2
EPSS 0.1115
EPSS Percentile 93.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
combodo/teemip < 2.4.0
Published Apr 04, 2019
Tracked Since Feb 18, 2026