Vulnerability feed

Vulnerability

CVE-2019-19609

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2019-19609
Description:: The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
Last updated date:: 09/14/2021

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/17/2024
Reference url to background: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2021
Reference url to background: https://github.com/4ugury/CVE-2019-19609

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2021
Reference url to background: https://github.com/dasithsv/CVE-2019-19609

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2021
Reference url to background: https://github.com/ebadfd/CVE-2019-19609

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2021
Reference url to background: https://github.com/z9fr/CVE-2019-19609

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/29/2021
Reference url to background: https://github.com/diego-tella/CVE-2019-19609-EXPLOIT

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/31/2021
Reference url to background: https://bittherapy.net/post/strapi-framework-remote-code-execution/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/14/2021
Reference url to background: http://packetstormsecurity.com/files/163940/Strapi-3.0.0-beta.17.7-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/14/2021
Reference url to background: http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |