CVE-2019-9106

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:saet:tebe_small_firmware:05.01:1137:*:*:*:*:*:*
cpe:2.3:h:saet:tebe_small:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:saet:webapp:04.68:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-31 22:29

Updated : 2024-02-04 20:20


NVD link : CVE-2019-9106

Mitre link : CVE-2019-9106

CVE.ORG link : CVE-2019-9106


JSON object : View

Products Affected

saet

  • webapp
  • tebe_small
  • tebe_small_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')