Main Vulnerability Database Exploits ID:5693 - Exploit for Code Injection in Bludit - CVE-2019-16113

ID:5693 - Exploit for Code Injection in Bludit - CVE-2019-16113

Published: June 17, 2021

Vulnerability identifier: #VU35528

Vulnerability risk: High

CVE-ID: CVE-2019-16113

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
Bludit

Link to public exploit:

https://www.exploit-db.com/exploits/48701/

Vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

Remediation

Install update from vendor's website.

ID:5693 - Exploit for Code Injection in Bludit - CVE-2019-16113

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human