CVE-2019-12314

CRITICAL EXPLOITED NUCLEI

Deltek Maconomy 2.2.5 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2019-12314 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including JameelNabbo. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Deltek Maconomy ERP. The PoC shows how an attacker can read arbitrary files on the server by manipulating the URL path.

Description

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.

Exploits (1)

exploitdb WORKING POC
by JameelNabbo · textwebappsmultiple
https://www.exploit-db.com/exploits/46931

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Deltek Maconomy ERP. The PoC shows how an attacker can read arbitrary files on the server by manipulating the URL path.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Deltek Maconomy ERP
No auth needed
Prerequisites: Access to the target server's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Deltek Maconomy 2.2.5 - Local File Inclusion
CRITICALby madrobot

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.8422
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2026-03-12
CWE
CWE-22
Status published
Products (1)
deltek/maconomy 2.2.5
Published May 24, 2019
Tracked Since Feb 18, 2026