Deserialization Vulnerability in Chatopera Cosin v3.10.0: Remote Code Execution via Malicious File Upload
CVE-2019-6503 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.
Learn more about our Cis Benchmark Audit For Server Software.