CVE-2019-5916
CRITICAL
POWER EGG <= 2.9 Patch 4 - Expression Language Injection
Input validation issue in POWER EGG (Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expressions on the server via unspecified vectors.
References (2)
Vendor Advisory (x_refsource_misc): https://poweregg.d-circle.com/support/package/important/20190204_000780/
Third Party Advisory (third-party-advisory, x_refsource_jvn): http://jvn.jp/en/jp/JVN63860183/index.html
Scores
CVSS v3: 9.8
EPSS: 0.0148
EPSS Percentile: 70.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-917
Status: published
Products (12)
d-circle/power_egg 2.0.1
d-circle/power_egg 2.0.2 patch3
d-circle/power_egg 2.1 patch4
d-circle/power_egg 2.2 patch7
d-circle/power_egg 2.3 patch9
d-circle/power_egg 2.4 patch13
d-circle/power_egg 2.5 patch12
d-circle/power_egg 2.6 patch8
d-circle/power_egg 2.7 patch6 (2 CPE variants)
d-circle/power_egg 2.8 patch6
... and 2 more
Published: Feb 13, 2019
Tracked Since: Feb 18, 2026