CVE-2018-20159

Exploit

EPSS 9.89%
Veröffentlicht 15.12.2018 05:29:00
Zuletzt bearbeitet 21.11.2024 04:00:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

I-doit ≫ I-doit Version1.11.2 SwEditionopen

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.89%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://pentest.com.tr/exploits/i-doit-CMDB-1-11-2-Remote-Code-Execution.html

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/45957

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-20159

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20159

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20159

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-20159