How severe is CVE-2019-17575?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2019-17575?

This is classified as CWE-706, which is a common weakness in software security.

CVE-2019-17575 - HIGH Severity | CVSS 7.2

Vulnerability Description

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph and change the file's extension to p. Because of concatenation, the name is then treated as filename.php.) At the result, remote attackers can execute arbitrary PHP code.

Related Vulnerabilities

CVE-2019-9616

HIGH

CVSS:7.2(High)

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor...

CWE-7062019

CVE-2021-31933

HIGH

CVSS:7.2(High)

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filen...

CWE-7062021

CVE-2022-29445

HIGH

CVSS:7.2(High)

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.

CWE-7062022

CVE-2020-26233

HIGH

CVSS:7.3(High)

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively clon...

CWE-7062020

CVE-2019-19921

HIGH

CVSS:7.0(High)

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with...

CWE-7062019

CVE-2023-27561

HIGH

CVSS:7.0(High)

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with cus...

CWE-7062023