CVE-2019-19943

HIGH

Pablosoftwaresolutions Quick 'N Easy Web Server - Out-of-Bounds Write

Title source: rule

Description

The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free.

Exploits (1)

exploitdb WORKING POC

by Cody Winkler · pythondoswindows

https://www.exploit-db.com/exploits/48111

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48111

Scores

CVSS v3 7.5

EPSS 0.0253

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415 CWE-787

Status published

Affected Products (1)

pablosoftwaresolutions/quick_\'n_easy_web_server < 3.3.8

Timeline

Published Feb 28, 2020

Tracked Since Feb 18, 2026