WEB APPLICATION VULNERABILITIES Standard & Premium

Nexus Repository Manager Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-16530)

Description

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.

Remediation

References

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0238)

TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21357)

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2024-35139)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0185)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3796)

Severity

High

Classification

CVE-2019-16530 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities