CVE-2019-13187
CRITICALSymphonyextensions Rich Text Formatter - Unrestricted File Upload
Title source: ruleDescription
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
References (2)
Core 2
Core References
Release Notes x_refsource_misc
http://symphonyextensions.com/extensions/richtext_redactor/
Exploit, Third Party Advisory x_refsource_misc
https://blog.contentsecurity.com.au/redactor-unrestricted-file-upload
Scores
CVSS v3
9.8
EPSS
0.0101
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
symphonyextensions/rich_text_formatter
< 1.1.1
Published
Sep 05, 2019
Tracked Since
Feb 18, 2026