What is CVE-2019-12890?

CVE-2019-12890 is a vulnerability in N/a. Published 2019-06-19.

Is CVE-2019-12890 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-12890

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

EPSS: 0.529 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

EthicalHCOP/CVE-2019-12890_RedxploitHQ
0xT11/CVE-POC
EthicalHCOP/CVE-2019-12890_
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub

References

www.exploit-db.com/exploits/46992 (x_refsource_MISC)
www.youtube.com/watch (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-12890?: CVE-2019-12890 is a vulnerability in N/a. Published 2019-06-19.
Is CVE-2019-12890 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.