CVE-2019-10774
CRITICAL WAF: High
CVSS 9.8
Published: 2019-12-30
CWE-78
php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| php-shellcommand_project | php-shellcommand | up to 1.6.1 |
References
- snyk.io (Exploit, Patch, Third Party Advisory)