CVE-2019-8293
CRITICALAbcprintf Upload-image-with-ajax - Unrestricted File Upload
Title source: ruleDescription
Due to a logic error in the code, upload-image-with-ajax v1.0 allows arbitrary files to be uploaded to the web root allowing code execution.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/abcprintf/upload-image-with-ajax/commit/71436ba5102010397519d4b25ea57591cfb4974c
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/12/23/2
Scores
CVSS v3
9.8
EPSS
0.0058
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
abcprintf/upload-image-with-ajax
1.0
Published
Dec 23, 2019
Tracked Since
Feb 18, 2026