CVE-2019-7751

Published: 31/12/2019 Updated: 14/01/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP prior to 10.0 allows a remote malicious user to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution.

Vulnerable Product

ricoh fusionpro vdp

Exploits

#!/usr/bin/env python
'''
# Exploit Title: MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
# Date: 02/11/2019
# Exploit Author: 0v3rride
# Vendor Homepage: marcomcom/
# Software Link: staticpticom/downloads/FusionPro/Win32/FusionPro_9336_Setupexe
# Version: < 10.0 (version tested was 93)
# Executable/S ...

Github Repositories

PoCs

PoCs for most of the zero days that I've discovered:

CVE-2019-6716 - No - Unauthenticated IDOR
CVE-2019-7751 - Yes - Directory Traversal & LFI
CVE-2019-8385 - Yes - Directory Traversal & LFI