CVE-2019-11401

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11401

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11401.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11401

Aliases

GHSA-ff4w-8chr-w2x9

Published

2019-04-22T11:29:04Z

Modified

2024-05-14T06:42:16.957746Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.

References

https://github.com/siteserver/cms/issues/1858

Affected packages

Git / github.com/siteserver/cms

Affected ranges

Type: GIT
Repo: https://github.com/siteserver/cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5e04df46b9d73fa75189c93ba58521023129fca7

Affected versions

siteserver-dev-v5.*

siteserver-dev-v5.0.101

siteserver-dev-v5.0.102

siteserver-dev-v5.0.103

siteserver-dev-v5.0.106

siteserver-dev-v5.0.107

siteserver-dev-v5.0.109

siteserver-dev-v5.0.111

siteserver-dev-v5.0.112

siteserver-dev-v5.0.113

siteserver-dev-v5.0.114

siteserver-dev-v5.0.115

siteserver-dev-v5.0.117

siteserver-dev-v5.0.121

siteserver-dev-v5.0.122

siteserver-dev-v5.0.124

siteserver-dev-v5.0.125

siteserver-dev-v5.0.129

siteserver-dev-v5.0.130

siteserver-dev-v5.0.131

siteserver-dev-v5.0.132

siteserver-dev-v5.0.133

siteserver-dev-v5.0.134

siteserver-dev-v5.0.137

siteserver-dev-v5.0.139

siteserver-dev-v5.0.140

siteserver-dev-v5.0.141

siteserver-dev-v5.0.142

siteserver-dev-v5.0.144

siteserver-dev-v5.0.146

siteserver-dev-v5.0.147

siteserver-dev-v5.0.148

siteserver-dev-v5.0.149

siteserver-dev-v5.0.150

siteserver-dev-v5.0.151

siteserver-dev-v5.0.152

siteserver-dev-v5.0.153

siteserver-dev-v5.0.154

siteserver-dev-v5.0.18

siteserver-dev-v5.0.22

siteserver-dev-v5.0.23

siteserver-dev-v5.0.24

siteserver-dev-v5.0.25

siteserver-dev-v5.0.27

siteserver-dev-v5.0.33

siteserver-dev-v5.0.34

siteserver-dev-v5.0.36

siteserver-dev-v5.0.37

siteserver-dev-v5.0.39

siteserver-dev-v5.0.40

siteserver-dev-v5.0.48

siteserver-dev-v5.0.51

siteserver-dev-v5.0.53

siteserver-dev-v5.0.55

siteserver-dev-v5.0.56

siteserver-dev-v5.0.57

siteserver-dev-v5.0.59

siteserver-dev-v5.0.61

siteserver-dev-v5.0.62

siteserver-dev-v5.0.63

siteserver-dev-v5.0.69

siteserver-dev-v5.0.70

siteserver-dev-v5.0.76

siteserver-dev-v5.0.80

siteserver-dev-v5.0.85

siteserver-dev-v5.0.86

siteserver-dev-v5.0.87

siteserver-dev-v5.0.89

siteserver-dev-v5.0.91

siteserver-dev-v5.0.92

siteserver-dev-v5.0.94

siteserver-dev-v5.0.95

siteserver-dev-v5.0.97

siteserver-v5.*

siteserver-v5.0.126

siteserver-v5.0.127

siteserver-v5.0.128

siteserver-v5.0.135

siteserver-v5.0.136

siteserver-v5.0.143

siteserver-v5.0.145

siteserver-v5.0.15

siteserver-v5.0.78

siteserver-v5.0.81

siteserver-v5.0.82

siteserver-v6.*

siteserver-v6.0.0-rc1

siteserver-v6.0.164-preview

siteserver-v6.0.166-preview

siteserver-v6.0.167-preview

siteserver-v6.0.168-preview

siteserver-v6.0.169-preview

siteserver-v6.0.172-preview

siteserver-v6.0.173-preview

siteserver-v6.0.187-preview

siteserver-v6.0.189-preview

siteserver-v6.0.191-preview

siteserver-v6.0.192-preview

siteserver-v6.0.193-preview

siteserver-v6.0.194-preview

siteserver-v6.0.195-preview

siteserver-v6.0.196-preview

siteserver-v6.0.197-preview

siteserver-v6.0.201-preview

siteserver-v6.0.202-preview

siteserver-v6.0.203-preview

siteserver-v6.0.204-preview

siteserver-v6.0.205-preview

siteserver-v6.0.207-preview

siteserver-v6.0.209-preview

siteserver-v6.0.210-rc1

siteserver-v6.0.211-preview

siteserver-v6.0.212-preview

siteserver-v6.0.214-preview

siteserver-v6.0.215-preview

siteserver-v6.0.216-preview

siteserver-v6.0.218-rc2

siteserver-v6.0.219-preview

siteserver-v6.0.220-rc2

siteserver-v6.0.222-preview

siteserver-v6.0.224-preview

siteserver-v6.0.225-preview

siteserver-v6.0.226-preview

siteserver-v6.0.227-preview

siteserver-v6.0.228-preview

siteserver-v6.0.229-preview

siteserver-v6.0.230-preview

siteserver-v6.0.231

siteserver-v6.0.232-preview

siteserver-v6.0.233

siteserver-v6.0.236-preview

siteserver-v6.0.240-preview

siteserver-v6.0.241-preview

siteserver-v6.0.242-preview

siteserver-v6.0.243

siteserver-v6.0.244-preview

siteserver-v6.0.245-preview

siteserver-v6.0.246

siteserver-v6.0.247-preview

siteserver-v6.0.248-preview

siteserver-v6.0.249-preview

siteserver-v6.0.250-preview

siteserver-v6.0.251-preview

siteserver-v6.0.252-preview

siteserver-v6.0.253-preview

siteserver-v6.0.254-preview

siteserver-v6.0.255-preview

siteserver-v6.0.256-preview

siteserver-v6.0.257-preview

siteserver-v6.0.258-preview

siteserver-v6.0.259-preview

siteserver-v6.0.{build}-rc1

siteserver-v6.1.0-preview

siteserver-v6.1.1

siteserver-v6.1.10-preview

siteserver-v6.1.11-preview

siteserver-v6.1.14-beta

siteserver-v6.1.15-beta

siteserver-v6.1.16-beta

siteserver-v6.1.17-beta

siteserver-v6.1.18-beta

siteserver-v6.1.19-beta

siteserver-v6.1.2-preview

siteserver-v6.1.20-beta

siteserver-v6.1.21-beta

siteserver-v6.1.22-beta

siteserver-v6.1.23-beta

siteserver-v6.1.24-beta

siteserver-v6.1.25-beta

siteserver-v6.1.26-beta

siteserver-v6.1.27-beta

siteserver-v6.1.3

siteserver-v6.1.4-preview

siteserver-v6.1.5-preview

siteserver-v6.1.7-preview

siteserver-v6.1.8-preview

siteserver-v6.1.9-preview

siteserver-v6.2.0

siteserver-v6.2.1

siteserver-v6.2.10-beta

siteserver-v6.2.11-beta

siteserver-v6.2.12-beta

siteserver-v6.2.13-beta

siteserver-v6.2.14-beta

siteserver-v6.2.15-beta

siteserver-v6.2.16

siteserver-v6.2.17-beta

siteserver-v6.2.18-beta

siteserver-v6.2.19-beta

siteserver-v6.2.2

siteserver-v6.2.20-beta

siteserver-v6.2.3

siteserver-v6.2.4

siteserver-v6.2.6-beta

siteserver-v6.2.7-beta

siteserver-v6.2.8-beta

siteserver-v6.2.9-beta

siteserver-v6.3.0-beta

siteserver-v6.3.1-beta

siteserver-v6.3.10-beta

siteserver-v6.3.11-beta

siteserver-v6.3.12

siteserver-v6.3.14-beta

siteserver-v6.3.16-beta

siteserver-v6.3.17-beta

siteserver-v6.3.18-beta

siteserver-v6.3.19-beta

siteserver-v6.3.2

siteserver-v6.3.20-beta

siteserver-v6.3.24-beta

siteserver-v6.3.25-beta

siteserver-v6.3.26-beta

siteserver-v6.3.31-beta

siteserver-v6.3.32-beta

siteserver-v6.3.33-beta

siteserver-v6.3.34-beta

siteserver-v6.3.35-beta

siteserver-v6.3.36-beta

siteserver-v6.3.5-beta

siteserver-v6.3.8-beta

siteserver-v6.3.9-beta

siteserver-v6.4.0-beta

siteserver-v6.4.1

siteserver-v6.4.10-beta

siteserver-v6.4.11-beta

siteserver-v6.4.12-beta

siteserver-v6.4.13-beta

siteserver-v6.4.14-beta

siteserver-v6.4.15-beta

siteserver-v6.4.3-beta

siteserver-v6.4.4-beta

siteserver-v6.4.5-beta

siteserver-v6.4.6-beta

siteserver-v6.4.7-beta

siteserver-v6.4.8-beta

siteserver-v6.4.9-beta

siteserver-v6.5.0-beta

siteserver-v6.5.1

siteserver-v6.5.13-beta

siteserver-v6.5.14-beta

siteserver-v6.5.16-beta

siteserver-v6.5.17-beta

siteserver-v6.5.18-beta

siteserver-v6.5.19-beta

siteserver-v6.5.2-beta

siteserver-v6.5.21-beta

siteserver-v6.5.22-beta

siteserver-v6.5.23-beta

siteserver-v6.5.24-beta

siteserver-v6.5.3-beta

siteserver-v6.5.4-beta

siteserver-v6.5.5-beta

siteserver-v6.5.6-beta

siteserver-v6.6.0-beta

siteserver-v6.6.1-beta

siteserver-v6.6.10-beta

siteserver-v6.6.11-beta

siteserver-v6.6.12-beta

siteserver-v6.6.13-beta

siteserver-v6.6.14-beta

siteserver-v6.6.15-beta

siteserver-v6.6.17-beta

siteserver-v6.6.18-beta

siteserver-v6.6.19-beta

siteserver-v6.6.2

siteserver-v6.6.20-beta

siteserver-v6.6.21-beta

siteserver-v6.6.22-beta

siteserver-v6.6.23-beta

siteserver-v6.6.24-beta

siteserver-v6.6.25-beta

siteserver-v6.6.26-beta

siteserver-v6.6.27-beta

siteserver-v6.6.3-beta

siteserver-v6.6.30-beta

siteserver-v6.6.31-beta

siteserver-v6.6.32-beta

siteserver-v6.6.33-beta

siteserver-v6.6.34-beta

siteserver-v6.6.35-beta

siteserver-v6.6.36-beta

siteserver-v6.6.37-beta

siteserver-v6.6.38-beta

siteserver-v6.6.39-beta

siteserver-v6.6.4-beta

siteserver-v6.6.40-beta

siteserver-v6.6.41-beta

siteserver-v6.6.5-beta

siteserver-v6.6.6-beta

siteserver-v6.6.7-beta

siteserver-v6.6.8-beta

siteserver-v6.6.9-beta

siteserver-v6.7.0

siteserver-v6.7.1

siteserver-v6.7.10-beta

siteserver-v6.7.11-beta

siteserver-v6.7.12-beta

siteserver-v6.7.13-beta

siteserver-v6.7.14-beta

siteserver-v6.7.15-beta

siteserver-v6.7.17-beta

siteserver-v6.7.2-beta

siteserver-v6.7.3-beta

siteserver-v6.7.4

siteserver-v6.7.5-beta

siteserver-v6.7.6

siteserver-v6.7.8-beta

siteserver-v6.7.9-beta

siteserver-v6.8.0

siteserver-v6.8.1

siteserver-v6.8.3

siteserver-v6.9.0

Other

upload