CVE-2019-8404

MEDIUM

Webiness Inventory 2.3 - Arbitrary File Upload via Product Image

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8404. PoCs published by Mehmet EMIROGLU.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Webiness Inventory 2.3. The exploit involves uploading a malicious file via the product image upload feature, which can then be accessed at a predictable path.

Description

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.

Exploits (1)

exploitdb WRITEUP
by Mehmet EMIROGLU · textwebappsphp
https://www.exploit-db.com/exploits/46405

This is a writeup describing an arbitrary file upload vulnerability in Webiness Inventory 2.3. The exploit involves uploading a malicious file via the product image upload feature, which can then be accessed at a predictable path.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Webiness Inventory 2.3
Auth required
Prerequisites: Admin access to the application · Ability to upload files via the product image feature
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46405/

Scores

CVSS v3 6.5
EPSS 0.0802
EPSS Percentile 94.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-434
Status published
Products (1)
webiness_inventory_project/webiness_inventory 2.3
Published May 14, 2019
Tracked Since Feb 18, 2026