cve/CVE-2019-14451.md at 410e68ca9dddb67493d84ae4fe8e1a9e392594db

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.

POC

Reference

No PoCs from references.

Github

https://github.com/developer3000S/PoC-in-GitHub
https://github.com/hectorgie/PoC-in-GitHub

945 B Raw Blame History

CVE-2019-14451

Description

POC

Reference

Github

945 B

Raw Blame History