CVE-2019-15954

CRITICAL Year: 2019
CVSS v3 Score
9.9
Critical
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-862
View all →

Vulnerability Description

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>

Related Vulnerabilities

CVE-2013-3960

CRITICAL
CVSS:9.9(Critical)

Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass

CWE-8622013

CVE-2020-36837

CRITICAL
CVSS:9.9(Critical)

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This ma...

CWE-8622020

CVE-2023-49742

CRITICAL
CVSS:9.9(Critical)

Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.

CWE-8622023

CVE-2024-57726

CRITICAL
CVSS:9.9(Critical)

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate pr...

CWE-8622024

CVE-2025-22611

CRITICAL
CVSS:9.9(Critical)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate...

CWE-8622025

CVE-2011-4183

CRITICAL
CVSS:9.8(Critical)

A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.

CWE-8622011
" } }, { "@type": "Question", "name": "How severe is CVE-2019-15954?", "acceptedAnswer": { "@type": "Answer", "text": "This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10." } }, { "@type": "Question", "name": "What type of vulnerability is CVE-2019-15954?", "acceptedAnswer": { "@type": "Answer", "text": "This is classified as CWE-862, which is a common weakness in software security." } } ] }