Exploit for #VU23442 Input validation error in strapi

Exploit for #VU23442 Input validation error in strapi

Published: 2021-08-29 | Updated: 2022-09-25

Vulnerability identifier: #VU23442

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-19609

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 4

September 25, 2022
- CVE-2019-19609-EXPLOIT () [Github]
November 25, 2021
- Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated) [Exploit-DB]
- Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated) [Exploit-DB]
August 29, 2021
- CVE-2019-19609-EXPLOIT (Exploit for CVE-2019-19609 in Strapi (Remote Code Execution) ) [Github]

Impact: Code execution

Vulnerable software:
strapi
Web applications / CMS

Vendor: strapi.io