CVE-2019-11354

HIGH

EA Origin 10.5.36 - Remote Code Execution via Origin2 URI Handler Template Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11354. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary: This exploit demonstrates SQL injection vulnerabilities in dotProject 2.1.9 via the `event_id` and `project_id` parameters. It includes payloads for boolean-based blind, error-based, time-based blind, and UNION query attacks.

Description

The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.

Exploits (1)

exploitdb WORKING POC
by Metin Yunus Kandemir · text · webapps · php
https://www.exploit-db.com/exploits/47021


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: dotProject 2.1.9
Auth required
Prerequisites: Authenticated session · Access to vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/
Exploit, Third Party Advisory x_refsource_misc
https://gizmodo.com/ea-origin-users-update-your-client-now-1834079604
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien
Press/Media Coverage, Third Party Advisory x_refsource_misc
https://www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153375/dotProject-2.1.9-SQL-Injection.html

Scores

CVSS v3 7.8
EPSS 0.2313
EPSS Percentile 97.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-74
Status published
Products (1)
ea/origin 10.5.36
Published Apr 19, 2019
Tracked Since Feb 18, 2026