QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-19988

Back to search

CVE-2019-19988

Published: Feb 26, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content.

VendorProductVersions

n/a

n/a

affected
n/a

References

https://www.seling.it/
x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now