Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-08T20:50:28

Updated: 2024-08-05T01:03:32.768Z

Reserved: 2019-09-08T00:00:00

Link: CVE-2019-16113

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-09-08T21:15:10.617

Modified: 2024-11-21T04:30:04.363

Link: CVE-2019-16113

cve-icon Redhat

No data.