CVE-2019-15813

Published: 04/09/2019 Updated: 03/05/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.

Vulnerable Product

sentrifugo sentrifugo 3.2

Exploits

# Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass
# Google Dork: N/A
# Date: 8/29/2019
# Exploit Author: creosote
# Vendor Homepage: www.sentrifugo.com/
# Version: 3.2
# Tested on: Ubuntu 18.04
# CVE : CVE-2019-15813
Multiple File Upload Restriction Bypass vulnerabilities were found in Sentrifugo 3.2. This allows for an auth ...

Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability ...

Sentrifugo version 3.2 suffers from a restriction bypass vulnerability that allows for a remote shell upload ...

Github Repositories

This container was made to explain and demonstrate how CVE-2019-15813 (Sentrifugo works)

CVE-2019-15813
This container was made to explain and demonstrate how CVE-2019-15813 (Sentrifugo works)
Sentrifugo V3.2
Sentrifugo is a Human Resource Management System
How to Install
docker-compose up
Default credentials to test
----Super Admin----
Username : empp0001
Password : 5faa7bdf3d7af
---Employee----
Username: EMPP123
Password: bygedupub
--Reverse PHP shell--
Extract res

This Project is made by Avi Gupta
OBJECTIVE:- To mimic CVE-2019-15813 using a docker environment
Pre-requisites:- Ubuntu, Docker, burpsuite
GUIDE to setup Docker:-
Change the current directory to cloned folder
Open terminal in the current directory and run the following command to build and run docker image
bash start.sh
Note:- Alternatively if you want to manually build