Unsanitized User Input in Ovidentia Allows Authenticated Remote Code Execution

CVE-2018-1000619 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Ovidentia version 8.4.3 and earlier contains an unsanitized user input vulnerability in utilit.php, bab_getAddonFilePathfromTg, that can result in authenticated remote code execution. The attack appears to be exploitable by an attacker who has permission to upload addons.
