CVE-2019-17058

CRITICAL

Footy Tipping Software AFL Web Edition 2019 - Authenticated Remote Code Execution via Whitelist Bypass

Title source: llm

Description

Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://blog.contentsecurity.com.au/footy-tipping-software-whitelisting-bypass

Scores

CVSS v3 9.1

EPSS 0.0191

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

footy/tipping_software 2019

Published Nov 18, 2019

Tracked Since Feb 18, 2026