CVE-2019-16113
CVE-2019-16113
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (13 stars) — exploitation code widely available.
CVSS —EPSS 78.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
07 Sep 2019Metasploit module available
08 Sep 2019Published on NVD
20 Nov 2019Public PoC
Weaponization speed
72 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Affected products
n/a · n/apublic PoCs found — 15
githubgithub.com/cybervaca/CVE-2019-16113★ 13githubgithub.com/hg8/CVE-2019-16113-PoC★ 5githubgithub.com/ynots0ups/CVE-2019-16113★ 5githubgithub.com/mind2hex/CVE-2019-16113-Bludit-3.9.2-RCE★ 1githubgithub.com/DXY0411/CVE-2019-16113★ 0githubgithub.com/m4rm0k/CVE-2019-16113★ 0githubgithub.com/tronghoang89/cve-2019-16113★ 0githubgithub.com/Kenun99/CVE-2019-16113-Dockerfile★ 0githubgithub.com/dldygnl/CVE-2019-16113★ 0exploitdbwww.exploit-db.com/exploits/48568unverifiedcve_referencepacketstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.htmlunverifiedcve_referencepacketstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48701unverifiedexploitdbwww.exploit-db.com/exploits/47699unverifiedcve_referencepacketstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.htmlhttp://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.htmlhttp://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.htmlhttps://github.com/bludit/bludit/issues/1081