CVE-2019-15519
Description
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Power-Response before 2019-02-02 contains a directory traversal vulnerability via a plugin, allowing file read within the application directory.
Vulnerability
Power-Response versions prior to 2019-02-02 contain a directory traversal vulnerability in a plugin. The flaw allows an attacker to traverse directories up to the application's main directory by sending specially crafted requests to the plugin's command functionality. The vulnerability was addressed in a pull request that fixed the issue.
Exploitation
An attacker can exploit this vulnerability by sending a malicious request to the vulnerable plugin, specifying a path that traverses directories. No authentication or user interaction is required beyond network access to the application. The traversal is limited to the application's main directory.
Impact
Successful exploitation allows an attacker to read files within the application's main directory, leading to information disclosure. The attacker cannot traverse beyond this directory.
Mitigation
The vulnerability was fixed in commit [1] and included in the release after 2019-02-02. Users should upgrade to the latest version of Power-Response. There are no known workarounds.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Power-Response/Power-Responsedescription
- Range: <2019-02-02
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/Asymmetric-InfoSec/Power-Response/pull/156mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.