Home

CVE-2019-11401

Description

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the as substring is deleted.

Risk Information

Base Score
7.2
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.331

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-11401 are fixed in Nuget - sscms 6.12Windows
Vulnerabilities CVE-2019-11401 are fixed in Nuget - sscms for Linux 6.12Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234