9

CVE-2018-1000504

Exploit

EPSS 0.96%
Veröffentlicht 26.06.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:40:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Redirection <= 2.7.3 - Local File Inclusion

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.

Mögliche Gegenmaßnahme

Redirection: Update to version 2.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Redirection

Version *-2.7.3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redirection ≫ Redirection Version2.7.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.96%	0.761

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/6e81cbe3-1310-4f6f-ae42-8d09b321657a

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1000504

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000504

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000504

EUVD