CVE-2019-17322
MEDIUMClipSoft REXPERT < 1.0.0.527 - Path Traversal and Arbitrary File Write via POST Request
Title source: llmDescription
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Scores
CVSS v3
6.5
EPSS
0.0122
EPSS Percentile
65.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
CWE-264
Status
published
Products (1)
clipsoft/rexpert
< 1.0.0.527
Published
Oct 30, 2019
Tracked Since
Feb 18, 2026