What is CVE-2019-16113?

CVE-2019-16113 is a vulnerability in N/a. Published 2019-09-08.

Is CVE-2019-16113 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-16113

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

EPSS: 0.890 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

cybervaca/CVE-2019-16113
hg8/CVE-2019-16113-PoC
ynots0ups/CVE-2019-16113
mind2hex/CVE-2019-16113-Bludit-3.9.2-RCE
tronghoang89/cve-2019-16113
DXY0411/CVE-2019-16113
m4rm0k/CVE-2019-16113
dldygnl/CVE-2019-16113
Kenun99/CVE-2019-16113-Dockerfile
rapid7/metasploit-framework

References

github.com/bludit/bludit/issues/1081 (x_refsource_MISC)
packetstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Uplo… (x_refsource_MISC)
packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html (x_refsource_MISC)
packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-16113?: CVE-2019-16113 is a vulnerability in N/a. Published 2019-09-08.
Is CVE-2019-16113 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.