CVE-2019-19609

Published: 05/12/2019 Updated: 14/09/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 804
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

The Strapi framework prior to 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

strapi strapi

strapi strapi 3.0.0

Exploits

Strapi CMS version 3.0.0-beta.17.4 authenticated remote code execution exploit ...
Strapi version 3.0.0-beta.17.7 authenticated remote code execution exploit ...

Github Repositories

Horizontall - StrAPI - Laravel. Synopsis: "Horizontall" is marked as an easy-difficulty machine which features multiple SSH and Nginx services. VHOST is enabled on the server and it is running a beta version of the StrAPI application, which has multiple vulnerabilities. We gain access to the StrAPI application dashboard via exploiting a bug in access control and then gain shell acce

Exploit for CVE-2019-19609 in Strapi (Remote Code Execution)

CVE-2019-19609-EXPLOIT: Exploit for CVE-2019-19609 in Strapi (Remote code execution in strapi-3.0.0-beta.17.7 or earlier). I was faced with a scenario with this vulnerability, but without a public exploit I decided to create my own and share it here. Installation: git clone github.com/diego-tella/CVE-2019-19609-EXPLOIT. Usage: cd CVE-

1. How many TCP ports are open on this target? First we need to know what's going on on the server, what kind of ports are open, and of course what we can exploit :) We can see there is nothing interesting, only 22 (SSH) and 80 (HTTP). 2. Using the Developer Tools in a browser we can see 'app.c68eb462.js' being loaded in the Network tab. What is the additional subdomain that is exposed in t

Strapi <= 3.0.0-beta.17.8 authenticated remote code execution

CVE-2019-19609 Strapi <= 3.0.0-beta.17.8 authenticated remote code execution

Strapi Remote Code Execution

CVE-2019-19609 Strapi Remote Code Execution. Usage: python3 exploit.py {rhost} {jwt} {url} {lhost}. Exploit POC: bittherapy.net/post/strapi-framework-remote-code-execution/

Strapi CMS 3.0.0-beta.17.4 - Unauthenticated Remote Code Execution (CVE-2019-18818, CVE-2019-19609)

Strapi CMS Exploit. This exploit targets two vulnerabilities in the Strapi CMS Framework version 3.0.0-beta.17.4 allowing for unauthenticated remote code execution (RCE). Vulnerabilities: CVE-2019-18818 Weak Password Recovery Mechanism for Forgotten Password, CVSS: 9.8 - Critical. More details: nvd.nist.gov/vuln/detail/CVE-2019-18818. CVE-2019-19609 Improper Neutr

Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution. Well, I didn't find any exploit for CVE-2019-19609 so I wrote one :/ Usage: python3 exploit.py <rhost> <lhost> <jwt> <url>. A video: youtube/alhZJmuUd2s. More Information: hack-fast.herokuapp.com/cve/C

WriteUp Horizontall: Horizontall is an easy-difficulty Linux machine where only the HTTP and SSH services are exposed. Enumerating the website reveals that it is built with the Vue JS framework. Reviewing the source code of the JavaScript file uncovers a new virtual host. Este host cont