QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19609

Published: Dec 5, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bittherapy.net/post/strapi-framework-remote-code-execution/

x_refsource_MISC

https://github.com/strapi/strapi/pull/4636

x_refsource_MISC

http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html

x_refsource_MISC

http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.