Command Injection Vulnerability in TeemIp Versions Before 2.4.0: Instantaneous Execution of Malicious PHP Code
CVE-2019-10863 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
Learn more about our Cis Benchmark Audit For Server Software.