CVE-2019-13028
N/A
N/A
Summary
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.csirt.gov.sk/aktualne-7d7.html?id=194
- https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
- https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz
References
- https://www.csirt.gov.sk/aktualne-7d7.html?id=194
- https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
- https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.