CVE-2019-17327
HIGHJEUS 7 Fix#0-5 and JEUS 8 Fix#0-1 - Path Traversal and Remote Code Execution via Installation File Upload
Title source: llmDescription
JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35197
Scores
CVSS v3
7.2
EPSS
0.0268
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
tmaxsoft/jeus
7 fix_0 (2 CPE variants)
tmaxsoft/jeus
8 fix_0 (2 CPE variants)
Published
Nov 08, 2019
Tracked Since
Feb 18, 2026