CVE-2019-17322

MEDIUM

ClipSoft REXPERT < 1.0.0.527 - Path Traversal and Arbitrary File Write via POST Request

Title source: llm
STIX 2.1

Description

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0122
EPSS Percentile 65.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-22 CWE-264
Status published
Products (1)
clipsoft/rexpert < 1.0.0.527
Published Oct 30, 2019
Tracked Since Feb 18, 2026