What is CVE-2019-11447?

CVE-2019-11447 is a vulnerability in N/a. Published 2019-04-22.

Is CVE-2019-11447 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-11447

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $…

EPSS: 0.737 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

thewhiteh4t/cve-2019-11447
CRFSlick/CVE-2019-11447-POC
khuntor/CVE-2019-11447-EXP
substing/CVE-2019-11447_reverse_shell_upload
ColdFusionX/CVE-2019-11447_CuteNews-AvatarUploadRCE
mt-code/CVE-2019-11447
ARPSyndicate/cvemon
ColdFusionX/CVE-2019-11447_
Meowmycks/OSCPprep-Cute
Mr-Tree-S/POC_

References

46698 (exploit, x_refsource_EXPLOIT-DB)
pentest.com.tr/exploits/CuteNews-2-1-2-Remote-Code-Execution-Metasploit.html (x_refsource_MISC)
packetstormsecurity.com/files/159134/CuteNews-2.1.2-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-11447?: CVE-2019-11447 is a vulnerability in N/a. Published 2019-04-22.
Is CVE-2019-11447 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.