CVE-2019-17327

HIGH

JEUS 7 Fix#0-5 and JEUS 8 Fix#0-1 - Path Traversal and Remote Code Execution via Installation File Upload

Title source: llm
STIX 2.1

Description

JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file.

References (1)

Core 1
Core References

Scores

CVSS v3 7.2
EPSS 0.0268
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
tmaxsoft/jeus 7 fix_0 (2 CPE variants)
tmaxsoft/jeus 8 fix_0 (2 CPE variants)
Published Nov 08, 2019
Tracked Since Feb 18, 2026