Command Injection Vulnerability in TeemIp Versions Before 2.4.0: Instantaneous Execution of Malicious PHP Code

Command Injection Vulnerability in TeemIp Versions Before 2.4.0: Instantaneous Execution of Malicious PHP Code

CVE-2019-10863 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.

Learn more about our Cis Benchmark Audit For Server Software.