CVE-2019-15503
CRITICAL
ProntusCMS < 12.0.3.0 - OS Command Injection via prontus_videocut.cgi GET Parameter
Title source: llm
Description
cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://blog.nivel4.com/investigaciones/vulnerabilidad-de-ejecucion-de-comandos-remotos-rce-en-prontuscms/
Scores
CVSS v3: 9.8
EPSS: 0.0244
EPSS Percentile: 82.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (1): altavoz/prontuscms < 12.0.3.0
Published: Aug 26, 2019
Tracked Since: Feb 18, 2026