Remote Code Execution and File Deletion Vulnerability in eID Client Web Server

Remote Code Execution and File Deletion Vulnerability in eID Client Web Server

CVE-2019-13028 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.