CVE-2019-13187
CRITICALRich Text Formatter < 1.1.1 - Arbitrary File Upload via content.fileupload.php
Title source: llmDescription
The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php.
References (2)
Core 2
Core References
Release Notes x_refsource_misc
http://symphonyextensions.com/extensions/richtext_redactor/
Exploit, Third Party Advisory x_refsource_misc
https://blog.contentsecurity.com.au/redactor-unrestricted-file-upload
Scores
CVSS v3
9.8
EPSS
0.0182
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
symphonyextensions/rich_text_formatter
< 1.1.1
Published
Sep 05, 2019
Tracked Since
Feb 18, 2026