What is CVE-2018-19422?

CVE-2018-19422 is a vulnerability in N/a. Published 2018-11-21.

Is CVE-2018-19422 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

EPSS: 0.843 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

hev0x/CVE-2018-19422-SubrionCMS-RCE
Swammers8/SubrionCMS-4.2.1-File-upload-RCE-auth-
Drew-Alleman/CVE-2018-19422
rapid7/metasploit-framework
Mr-Tree-S/POC_
RajatSethi2001/FUSE
VictoriaKlyueva/TryHackMe-and-Hack-the-Box
WSP-LAB/FUSE
h3v0x/CVE-2018-19422-SubrionCMS-RCE
n0-traces/cve_

References

github.com/intelliants/subrion/issues/801
packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html
packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-…

Frequently asked questions

What is CVE-2018-19422?: CVE-2018-19422 is a vulnerability in N/a. Published 2018-11-21.
Is CVE-2018-19422 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.