CVE-2019-8404

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
webiness_inventory_projectwebiness_inventory
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/151763/Webiness-Inventory-2.3-Arbitrary-File-Upload.html
https://sourceforge.net/projects/webinessinventory/files/
https://www.exploit-db.com/exploits/46405/
http://packetstormsecurity.com/files/151763/Webiness-Inventory-2.3-Arbitrary-File-Upload.html
https://sourceforge.net/projects/webinessinventory/files/
https://www.exploit-db.com/exploits/46405/