← back
CVE-2019-19609

CVE-2019-19609

EPSS 54.1%◆ VulnCheck KEV
Vexday Risk Score
57Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Popular PoC on GitHub (9 stars) — exploitation code widely available.
CVSS EPSS 54.1%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
05 Dec 2019Published on NVD
29 Aug 2021Public PoC
Weaponization speed
632 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.