CVE-2019-7751

HIGH

Ricoh MarcomCentral - Path Traversal

Title source: llm

Description

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.

Exploits (1)

exploitdb WORKING POC

by 0v3rride · pythonwebappswindows

https://www.exploit-db.com/exploits/46494

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/151963/MarcomCentral-FusionPro-VDP-Creator-Directory-Traversal.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46494

Scores

CVSS v3 7.5

EPSS 0.1273

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

ricoh/fusionpro_vdp < 10.0

Published Dec 31, 2019

Tracked Since Feb 18, 2026