High severity7.2NVD Advisory· Published Sep 18, 2019· Updated Jun 17, 2026
CVE-2019-14252
CVE-2019-14252
Description
An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden).
Affected products
2- Publisure/Publisuredescription
Patches
Vulnerability mechanics
References
1- github.com/kmkz/exploit/blob/master/PUBLISURE-EXPLOIT-CHAIN-ADVISORY.txtnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.