CVE-2017-11756

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.

CVSS v3 7.0 HIGH
CVSS v2.0 6.0 MEDIUM

7.0^/10

CVSS v3 : HIGH

Vector : AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://lncken.cn/?p=359	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:earcms:ear_music:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-30 18:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-11756

Mitre link : CVE-2017-11756

CVE.ORG link : CVE-2017-11756

JSON object : View

Products Affected

earcms

ear_music

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2017-11756", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2017-07-30T18:29:00.600", "references": [{"url": "https://lncken.cn/?p=359", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code."}, {"lang": "es", "value": "En Earcms Ear Music hasta la versi\u00f3n 4.1 build 20170710, los usuarios autenticados remotos pueden ejecutar c\u00f3digo PHP arbitrario cambiando las extensiones de carga de m\u00fasica permitidas para incluir .php adem\u00e1s de .mp3 y .m4a en admin.php?iframe=config_upload, y luego usar el user.php/music/add/ para cargar el c\u00f3digo."}], "lastModified": "2017-08-04T19:42:10.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:earcms:ear_music:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "427FE176-3EFC-46A7-AAB6-C62D3CD702A4", "versionEndIncluding": "4.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}