CKEditor before 4.1.9 Improper Input Validation Vulnerability

Summary

CKEditor before 4.1.9 suffers from improper input validation vulnerability

Credit:

The information has been provided by Muhamad Visat

The original article can be found at:https://github.com/xsmo/Image-Uploader-and-Browser-for-CKEditor/compare/4.1.8…v4.1.9


Details

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.

 

Vulnerable Systems:

CKEditor before 4.1.9

 

CVE Information:

CVE-2019-19502

 

Disclosure Timeline:
Published Date:12/2/2019

Categories: News