CVE-2019-13372

Posted on 2019년 7월 7일2019년 7월 7일 by admin

CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie’s username field allows eval injection, and an empty password bypasses authentication.

Source: CVE-2019-13372

답글 남기기 응답 취소