Path traversal in WebAPP - CVE-2019-9106

 


Published: June 1, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35865
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-9106
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: web-app.org
Affected software:
WebAPP

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
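Added example, not part of the original advisory and not vendor code: a log check that flags requests whose menu parameter carries a PHP stream wrapper (as in the php://filter request above) or a ".." path segment. The combined log format, the /index.php path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: access logs use the Apache/nginx combined format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A plain menu name never contains a scheme prefix (php://) or a ".." segment.
WRAPPER_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding so the checks see the final string."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_menu(value):
    """Return why a menu value is suspicious, or None for a plain name."""
    value = fully_decode(value)
    if WRAPPER_RE.search(value):
        return "stream wrapper"
    if TRAVERSAL_RE.search(value):
        return "directory traversal"
    return None

def scan(lines, param="menu"):
    """Return (line number, reason, decoded value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            reason = classify_menu(value) if key == param else None
            if reason:
                hits.append((number, reason, fully_decode(value)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2019:10:00:00 +0000] "GET /index.php?menu=status HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jun/2019:10:02:11 +0000] "GET /index.php?menu=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 9312',
    '192.0.2.44 - - [01/Jun/2019:10:02:19 +0000] "GET /index.php?menu=..%2F..%2Fsettings HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit shows that the request was made, not that the device was vulnerable at the time; compare the response size and status against normal menu requests before treating it as a confirmed file read.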


How to mitigate CVE-2019-9106

Install the update from the vendor's website.
