CVE-2019-15766

Name: CVE-2019-15766
Creator: NVD / NIST
Published: 2019-10-03T21:15:10.397+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 3.13%

Last modified Jun 17, 2026

CVE-2019-15766 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. EPSS estimates a 3.13% chance of exploitation in the next 30 days.

Description

The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to (and the config_text parameter set to the content of the file to be created). This can be a PHP file that is written to in the public web directory and subsequently executed. The attacker must have network connectivity to the PHP server that is running on the Android device.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.13%

86.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions
Kslabs	Ksweb	3.93

References

https://play.google.com/store/apps/details?id=ru.kslabs.ksweb&gl=GBProduct
https://rastating.github.io/ksweb-android-remote-code-execution/Exploit, Third Party Advisory
https://play.google.com/store/apps/details?id=ru.kslabs.ksweb&gl=GBProduct
https://rastating.github.io/ksweb-android-remote-code-execution/Exploit, Third Party Advisory

Timeline

Published: Oct 3, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-15766?

How severe is CVE-2019-15766?

CVE-2019-15766 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 3.13% probability of exploitation in the next 30 days.

How do I fix CVE-2019-15766?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15766?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST