Unrated severityNVD Advisory· Published Sep 8, 2019· Updated Aug 5, 2024
CVE-2019-16113
CVE-2019-16113
Description
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Bludit/Bluditdescription
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.htmlmitrex_refsource_MISC
- github.com/bludit/bludit/issues/1081mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.