Description
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.
Exploits (1)
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151763/Webiness-Inventory-2.3-Arbitrary-File-Upload.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46405/
Product x_refsource_misc
https://sourceforge.net/projects/webinessinventory/files/
Scores
CVSS v3
6.5
EPSS
0.1630
EPSS Percentile
94.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-434
Status
published
Products (1)
webiness_inventory_project/webiness_inventory
2.3
Published
May 14, 2019
Tracked Since
Feb 18, 2026