Deserialization Vulnerability in Chatopera Cosin v3.10.0: Remote Code Execution via Malicious File Upload

CVE-2019-6503 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method.

Learn more about our Cis Benchmark Audit For Server Software.