← back
CVE-2018-19422

CVE-2018-19422

EPSS 64.3%
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (8 stars) — exploitation code widely available.
CVSS EPSS 64.3%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
04 Nov 2018Metasploit module available
21 Nov 2018Published on NVD
17 May 2021Public PoC
Weaponization speed
908 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.