Skip to main content

Openitcockpit CVE-2019-15490

CRITICAL
OS Command Injection (CWE-78)
2019-08-23 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 23, 2019 - 13:15 nvd
CRITICAL 9.8

DescriptionNVD

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.

AnalysisAI

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. Affected products include: It-Novum Openitcockpit. Version information: before 3.7.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2026-24892 HIGH POC
7.5 Feb 20

Unsafe PHP deserialization in openITCOCKPIT Community Edition 5.3.1 and earlier allows authenticated attackers to inject

CVE-2026-24891 HIGH POC
7.5 Feb 20

Remote code execution in openITCOCKPIT 5.3.1 and earlier via unsafe deserialization in the Gearman worker component, whi

CVE-2020-10789 CRITICAL
9.8 Mar 25

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell met

CVE-2019-15494 CRITICAL
9.8 Aug 23

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2020-10788 CRITICAL
9.1 Mar 25

openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API

CVE-2026-24893 HIGH
8.8 Apr 14

Remote code execution in openITCOCKPIT Community Edition (versions prior to 5.5.2) allows authenticated users with host

CVE-2023-36663 HIGH
8.8 Jun 25

it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the so

CVE-2019-15491 HIGH
8.8 Aug 23

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2023-3520 MEDIUM POC
4.6 Jul 06

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

CVE-2023-3218 MEDIUM POC
4.4 Jun 13

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. Rated medium severity (CVSS 4

CVE-2020-10792 HIGH
7.5 Mar 20

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placin

CVE-2019-15493 HIGH
7.5 Aug 23

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. Rated high severity (CVSS 7.5), this vulnerabili

Share

CVE-2019-15490 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy