CVE-2019-12719

CRITICAL

AUO SunVeillance Monitoring System < 1.1.9e - Unauthenticated Unrestricted File Upload via Picture_Manage_mvc.aspx

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12719. PoCs published by Luca.Chiou.

AI-analyzed exploit summary This writeup describes an incorrect access control vulnerability in AUO SunVeillance Monitoring System, allowing unauthenticated file uploads by manipulating the 'authority' parameter. No exploit code is provided, only a step-by-step PoC description.

Description

An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.

Exploits (1)

exploitdb WRITEUP
by Luca.Chiou · textwebappshardware
https://www.exploit-db.com/exploits/47541

This writeup describes an incorrect access control vulnerability in AUO SunVeillance Monitoring System, allowing unauthenticated file uploads by manipulating the 'authority' parameter. No exploit code is provided, only a step-by-step PoC description.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: AUO SunVeillance Monitoring System all versions prior to v1.1.9e
No auth needed
Prerequisites: Network access to the target system · Knowledge of the target URL structure
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1Khz7x6b32g7JYCyA6ZQ6NGEc4I0yFA45
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47541

Scores

CVSS v3 9.8
EPSS 0.0215
EPSS Percentile 79.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
auo/sunveillance_monitoring_system_\&_data_recorder < 1.1.9e
Published Nov 12, 2019
Tracked Since Feb 18, 2026