Arbitrary Code Execution Vulnerability in Tobesoft Nexacro v2019.9.25.1 and Earlier Versions
CVE-2019-19167 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.
Learn more about our Web Application Penetration Testing UK.