CVE-2019-8404

Published: May 14, 2019Modified: Jun 17, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: NVD

Description

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.

Affected (1)

Products: Webiness Inventory Project: Webiness Inventory

Webiness Inventory Project

1 product

Webiness Inventory

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webiness Inventory Project Webiness Inventory	Version 2.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://packetstormsecurity.com/files/151763/Webiness-Inventory-2.3-Arbitrary-File-Upload.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://sourceforge.net/projects/webinessinventory/files/

Source: cve@mitre.org

Product

https://www.exploit-db.com/exploits/46405/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/151763/Webiness-Inventory-2.3-Arbitrary-File-Upload.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://sourceforge.net/projects/webinessinventory/files/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.exploit-db.com/exploits/46405/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.