Skip to content

Vulnerability Name

Summary

Description Details
Name
Summary
Affected application
Affected revision
Vendor update available Yes
CVE CVE-2019-9978
Ids CWE-94; WPVDB9259
CVSSv3.0 Base Score 10.0
CVSS vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L/E:P/RL:O/RC:C
Public Exploit available Yes
Exploit verified Yes
Authentication Required No

Vulnerable Code

<?php

echo vulnerable code;

Exploit :

<pre>system('id ; ls -al ;ps aufx;')</pre>

Exploit Methodology

The attacker will have to do the following to exploit this vulnerability:-

Security Patch

diff patch 

References