Published: 03/07/2019 Updated: 05/07/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
flowpaper flexpaper

#!/usr/bin/env python #Exploit Title: FlexPaper PHP Publish Service <= 236 RCE #Date: March 2019 #Exploit Author: Red Timmy Security - redtimmysecwordpresscom #Vendor Homepage: flowpapercom/download/ #Version: <= 236 #Tested on: Linux/Unix #CVE : CVE-2018-11686 #Disclamer: This exploit is for educational purpose only #More deta ...

CVE-2018-11686 - FlexPaper PHP Publish Service RCE <= 2.3.6

CVE-2018-11686 CVE-2018-11686 - FlexPaper PHP Publish Service RCE <= 236 found by Red Timmy Security Technical Analysis: wwwexploit-dbcom/docs/english/46521-flexpaper-=-236-remote-code-execution-whitepaperpdf Security advisory: unknow Proof Of Concept: Removing the config files The file change_configphp of FlexPaper (PHP) doesn't check if the

CWE-20 https://flowpaper.com/blog/https://redtimmysec.wordpress.com/2019/03/07/flexpaper-remote-code-execution https://nvd.nist.gov https://github.com/mpgn/CVE-2018-11686 https://www.exploit-db.com/exploits/46528

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-11686

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect