Arbitrary Code Execution Vulnerability in Tobesoft Nexacro v2019.9.25.1 and Earlier Versions

Arbitrary Code Execution Vulnerability in Tobesoft Nexacro v2019.9.25.1 and Earlier Versions

CVE-2019-19167 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.

Learn more about our Web Application Penetration Testing UK.