CVE-2019-12150

Published: May 24, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.

Affected (1)

Products: Karamasoft: Ultimateeditor

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Karamasoft Ultimateeditor	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.karamasoft.com

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.karamasoft.com

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.