CVEs-PoC/2019/CVE-2019-19731.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 22:53:11 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.1 KiB

Raw Permalink Blame History

CVE-2019-19731

Description

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).

POC

Reference

http://packetstormsecurity.com/files/155666/Roxy-Fileman-1.4.5-For-.NET-Directory-Traversal.html

Github

https://github.com/20142995/nuclei-templates
https://github.com/ARPSyndicate/cve-scores
https://github.com/ARPSyndicate/cvemon
https://github.com/cyb3r-w0lf/nuclei-template-collection

1.1 KiB Raw Permalink Blame History

CVE-2019-19731

Description

POC

Reference

Github

1.1 KiB

Raw Permalink Blame History