Vulnerability Details CVE-2019-10863
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.126
EPSS Ranking 93.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- https://pentest.com.tr/exploits/TeemIp-IPAM-2-4-0-new-config-Command-Injection-Metasploit.html
- https://www.exploit-db.com/exploits/46641
- https://www.exploit-db.com/exploits/46641/
- https://pentest.com.tr/exploits/TeemIp-IPAM-2-4-0-new-config-Command-Injection-Metasploit.html
- https://www.exploit-db.com/exploits/46641
- https://www.exploit-db.com/exploits/46641/