CVE-2019-15707
MEDIUM
FortiMail 6.2.0, 6.0.0-6.0.6, <5.4.10 - Authenticated Improper Access Control in Admin WebUI
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2019-15707. PoCs published by cristianovisk.
AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2019-15707, which targets a command injection vulnerability in the 'fewReq' parameter of the admin.fe module. The exploit captures a token, injects a command, and executes it via a crafted request.
Description
An improper access control vulnerability in the FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to download a system configuration backup that they should not be authorized for.
Exploits (1)
This repository contains a functional exploit for CVE-2019-15707, which targets a command injection vulnerability in the 'fewReq' parameter of the admin.fe module. The exploit captures a token, injects a command, and executes it via a crafted request.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N