CVE-2019-19033

CRITICAL

Jalios JCMS 10 - Privilege Escalation

Title source: llm

Description

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account, by using any username and the hardcoded dev password.

Exploits (1)

nomisec SCANNER 3 stars

by ricardojoserf · poc

https://github.com/ricardojoserf/CVE-2019-19033

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155419/Jalios-JCMS-10-Backdoor-Account-Authentication-Bypass.html

[Release Notes] https://community.jalios.com/jcms/frt_74021/en/blog-jalios-community

[Exploit, Third Party Advisory] https://github.com/ricardojoserf/CVE-2019-19033

Scores

CVSS v3 9.8

EPSS 0.0091

EPSS Percentile 75.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

jalios/jcms 10.0

Published Nov 21, 2019

Tracked Since Feb 18, 2026