Remote Code Execution in Bludit 3.9.0 via Logo Upload Vulnerability

CVE-2019-12548 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a PHP file while changing the logo through /admin/ajax/upload-logo.
