Remote Code Execution in baigoStudio baigoSSO v3.0.1 via Configuration Screen

CVE-2019-10015 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.
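
The bug class described above, shown as an added example (not baigoSSO's own code): a form value pasted into a generated PHP config file next to a writer that escapes it, plus a check that the generated file contains nothing but one define() call. Only BG_SITE_NAME comes from the advisory; the function names and the sample value are hypothetical.

```php
<?php
// Added illustration; not baigoSSO source. Function names are hypothetical.

// Unsafe pattern: the form value is pasted between quotes in generated PHP,
// so a quote in the value ends the string literal early.
function render_config_unsafe(string $siteName): string
{
    return "<?php\ndefine('BG_SITE_NAME', '" . $siteName . "');\n";
}

// Hardened pattern: var_export() emits a correctly escaped PHP string literal,
// so the value stays data no matter which characters it contains.
function render_config_safe(string $siteName): string
{
    // Reject control characters and cap the length before persisting.
    if (preg_match('/[\x00-\x1F\x7F]/', $siteName) || strlen($siteName) > 128) {
        throw new InvalidArgumentException('invalid site name');
    }
    return "<?php\ndefine('BG_SITE_NAME', " . var_export($siteName, true) . ");\n";
}

// Review/detection check: the generated file must tokenize to exactly one
// define() call with two string literals and nothing else.
function config_is_data_only(string $php): bool
{
    $literals = 0;
    foreach (token_get_all($php) as $tok) {
        if (!is_array($tok)) {
            if (strpos('(),;', $tok) === false) return false; // stray punctuation
            continue;
        }
        switch ($tok[0]) {
            case T_OPEN_TAG: case T_WHITESPACE: break;
            case T_STRING: if (strtolower($tok[1]) !== 'define') return false; break;
            case T_CONSTANT_ENCAPSED_STRING: $literals++; break;
            default: return false; // any other token means code, not data
        }
    }
    return $literals === 2;
}

$name = "Bob's SSO"; // constructed, benign sample value containing a quote
var_dump(config_is_data_only(render_config_unsafe($name)));
var_dump(config_is_data_only(render_config_safe($name)));
```

Storing settings in a non-executable format such as JSON removes this class of bug entirely, because the stored value is never interpreted as PHP.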
