CVE-2018-14911

Exploit

EPSS 0.36%
Veröffentlicht 03.08.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:50:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ukcms ≫ Ukcms Version <= 1.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.55

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/yxcmf/ukcms/issues/1

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-14911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14911

EUVD