Plateforme
wordpress
Composant
busiprof
Corrigé dans
2.5.3
CVE-2026-39619 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Busiprof, a software component. This vulnerability allows an attacker to upload a malicious web shell to a web server, potentially leading to complete system compromise. The vulnerability affects versions from 0.0.0 through 2.5.2, and a patch is available in version 2.5.3.
The primary impact of CVE-2026-39619 is the ability for an attacker to execute arbitrary code on the affected web server. By leveraging the CSRF vulnerability, an attacker can trick a legitimate user into unknowingly triggering the web shell upload. Once the web shell is deployed, the attacker gains remote code execution capabilities, enabling them to modify files, steal sensitive data, install malware, or pivot to other systems on the network. The blast radius extends to any data stored or processed by the web server, and the attacker could potentially gain full control of the underlying infrastructure.
The vulnerability was published on 2026-04-08. Exploitation context is currently limited, and no public Proof-of-Concept (POC) code has been widely reported. The CVSS score of 9.6 (CRITICAL) indicates a high probability of exploitation if the vulnerability is exposed. It is recommended to prioritize remediation due to the potential for severe consequences.
Statut de l'Exploit
EPSS
0.02% (percentile 5%)
Vecteur CVSS
The recommended mitigation for CVE-2026-39619 is to immediately upgrade Busiprof to version 2.5.3 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as strict input validation on file upload endpoints and implementing CSRF protection mechanisms like double-submit cookies or SameSite cookies. Web Application Firewalls (WAFs) configured to detect and block suspicious file uploads can also provide a layer of defense. Monitor web server logs for unusual file uploads or execution attempts.
Aucune correction connue n'est disponible. Veuillez examiner en profondeur les détails de la vulnérabilité et mettre en œuvre des mesures d'atténuation en fonction de la tolérance au risque de votre organisation. Il peut être préférable de désinstaller le logiciel affecté et de trouver un remplacement.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-39619 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Busiprof versions 0.0.0–2.5.2. It allows attackers to upload a web shell, potentially leading to remote code execution.
Yes, if you are running Busiprof versions 0.0.0 through 2.5.2, you are affected by this vulnerability. Immediately assess your systems and apply the necessary updates.
The recommended fix is to upgrade Busiprof to version 2.5.3 or later. If upgrading is not possible, implement temporary workarounds like input validation and CSRF protection.
While no widespread exploitation has been publicly reported, the high CVSS score indicates a high probability of exploitation. Proactive remediation is strongly advised.
Refer to the Busiprof official website or security advisory channels for the most up-to-date information and guidance regarding CVE-2026-39619.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.