cve/2019/CVE-2019-5418.md

### [CVE-2019-5418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418)
![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Frails%2Frails&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.2.11.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.0.7.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.1.6.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.2.2.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal%20(CWE-22)&color=brightgreen)

### Description

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

### POC

#### Reference
- http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
- https://www.exploit-db.com/exploits/46585/

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/nuclei-templates
- https://github.com/3llio0T/Active-
- https://github.com/4n86rakam1/notes
- https://github.com/5l1v3r1/rails-cve-lab
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ArrestX/--POC
- https://github.com/Bad3r/RailroadBandit
- https://github.com/BitTheByte/Eagle
- https://github.com/CLincat/vulcat
- https://github.com/DSO-Lab/pocscan
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Hamid-K/bookmarks
- https://github.com/Janalytics94/anomaly-detection-software
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/LearnGolang/LearnGolang
- https://github.com/LubinLew/WEB-CVE
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/N3agu/CTFs
- https://github.com/NotoriousRebel/RailRoadBandit
- https://github.com/Ostorlab/KEV
- https://github.com/SLTN91/Microservices-Applications-Attack-and-Detection
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Soundaryakambhampati/test-6
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/W01fh4cker/Serein
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/Zenika/kubernetes-security-workshop
- https://github.com/albinowax/ActiveScanPlusPlus
- https://github.com/alex14324/Eagel
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/amcai/myscan
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/brompwnie/CVE-2019-5418-Scanner
- https://github.com/cyberharsh/rails5418
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/daehyeok0618/CVE-2019-5418
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/geeknik/my-awesome-stars
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/huimzjty/vulwiki
- https://github.com/kailing0220/CVE-2019-5418
- https://github.com/koutto/jok3r-pocs
- https://github.com/lnick2023/nicenice
- https://github.com/merlinepedra/nuclei-templates
- https://github.com/merlinepedra25/nuclei-templates
- https://github.com/mpgn/CVE-2019-5418
- https://github.com/mpgn/Rails-doubletap-RCE
- https://github.com/n1sh1th/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/omarkurt/CVE-2019-5418
- https://github.com/packetinside/CISA_BOT
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/random-robbie/CVE-2019-5418
- https://github.com/shuanx/vulnerability
- https://github.com/sobinge/nuclei-templates
- https://github.com/superfish9/pt
- https://github.com/takeokunn/CVE-2019-5418
- https://github.com/timkoopmans/rails-cve-lab
- https://github.com/ums91/CISA_BOT
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/zhoubingyan1/Golang-Learning
- https://github.com/ztgrace/CVE-2019-5418-Rails3
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-5418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418)`
			`![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Frails%2Frails&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=4.2.11.1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.0.7.2%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.1.6.2%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.2.2.1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20Traversal%20(CWE-22)&color=brightgreen)`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### Description`

			`There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html`
			`- https://www.exploit-db.com/exploits/46585/`

			`#### Github`
			`- https://github.com/0day404/vulnerability-poc`
			`- https://github.com/0xT11/CVE-POC`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/20142995/nuclei-templates`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/3llio0T/Active-`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/4n86rakam1/notes`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/5l1v3r1/rails-cve-lab`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/ArrestX/--POC`
			`- https://github.com/Bad3r/RailroadBandit`
			`- https://github.com/BitTheByte/Eagle`
			`- https://github.com/CLincat/vulcat`
			`- https://github.com/DSO-Lab/pocscan`
			`- https://github.com/Elsfa7-110/kenzer-templates`
			`- https://github.com/Hamid-K/bookmarks`
			`- https://github.com/Janalytics94/anomaly-detection-software`
			`- https://github.com/KayCHENvip/vulnerability-poc`
			`- https://github.com/LearnGolang/LearnGolang`
			`- https://github.com/LubinLew/WEB-CVE`
			`- https://github.com/Miraitowa70/POC-Notes`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/N3agu/CTFs`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/NotoriousRebel/RailRoadBandit`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/SLTN91/Microservices-Applications-Attack-and-Detection`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/SexyBeast233/SecBooks`
			`- https://github.com/Soundaryakambhampati/test-6`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Threekiii/Vulhub-Reproduce`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/TrojanAZhen/Self_Back`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/W01fh4cker/Serein`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/XiaomingX/awesome-poc-for-red-team`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/Zenika/kubernetes-security-workshop`
			`- https://github.com/albinowax/ActiveScanPlusPlus`
			`- https://github.com/alex14324/Eagel`
			`- https://github.com/alphaSeclab/sec-daily-2019`
			`- https://github.com/amcai/myscan`
			`- https://github.com/bakery312/Vulhub-Reproduce`
			`- https://github.com/brompwnie/CVE-2019-5418-Scanner`
			`- https://github.com/cyberharsh/rails5418`
			`- https://github.com/d4n-sec/d4n-sec.github.io`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/daehyeok0618/CVE-2019-5418`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/developer3000S/PoC-in-GitHub`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/geeknik/my-awesome-stars`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/hectorgie/PoC-in-GitHub`
			`- https://github.com/huimzjty/vulwiki`
			`- https://github.com/kailing0220/CVE-2019-5418`
			`- https://github.com/koutto/jok3r-pocs`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/merlinepedra/nuclei-templates`
			`- https://github.com/merlinepedra25/nuclei-templates`
			`- https://github.com/mpgn/CVE-2019-5418`
			`- https://github.com/mpgn/Rails-doubletap-RCE`
			`- https://github.com/n1sh1th/CVE-POC`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/omarkurt/CVE-2019-5418`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/packetinside/CISA_BOT`
			`- https://github.com/plzheheplztrying/cve_monitor`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/random-robbie/CVE-2019-5418`
			`- https://github.com/shuanx/vulnerability`
			`- https://github.com/sobinge/nuclei-templates`
			`- https://github.com/superfish9/pt`
			`- https://github.com/takeokunn/CVE-2019-5418`
			`- https://github.com/timkoopmans/rails-cve-lab`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/ums91/CISA_BOT`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/zhoubingyan1/Golang-Learning`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/ztgrace/CVE-2019-5418-Rails3`