CVE-2019-14312

MEDIUM NUCLEI

Aptana Jaxer 1.0.3.4547 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14312. PoCs published by Steph Jensen. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in Aptana Jaxer 1.0.3.4547 via directory traversal in the 'filename' parameter of the sourceViewer tool. It allows remote attackers to read arbitrary files on the server.

Description

Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.

Exploits (1)

exploitdb WORKING POC
by Steph Jensen · textwebappsmultiple
https://www.exploit-db.com/exploits/47214

This exploit demonstrates a local file inclusion vulnerability in Aptana Jaxer 1.0.3.4547 via directory traversal in the 'filename' parameter of the sourceViewer tool. It allows remote attackers to read arbitrary files on the server.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Aptana Jaxer 1.0.3.4547
No auth needed
Prerequisites: Access to the Aptana Jaxer web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Aptana Jaxer 1.0.3.4547 - Local File inclusion
MEDIUMby daffainfo

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/aptana/Jaxer/commits/master

Scores

CVSS v3 6.5
EPSS 0.7351
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
aptana/jaxer 1.0.3.4547
Published Aug 09, 2019
Tracked Since Feb 18, 2026