CVE-2017-16903

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt	Exploit
https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:lvyecms_project:lvyecms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:17

Type	Values Removed	Values Added
References	~~() https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt - Exploit~~	() https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt - Exploit

Information

Published : 2017-11-20 19:29

Updated : 2024-11-21 03:17

NVD link : CVE-2017-16903

Mitre link : CVE-2017-16903

CVE.ORG link : CVE-2017-16903

JSON object : View

Products Affected

lvyecms_project

lvyecms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2017-16903", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-11-20T19:29:00.327", "references": [{"url": "https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php."}, {"lang": "es", "value": "LvyeCMS hasta la versi\u00f3n 3.1 permite que atacantes remotos suban y ejecuten c\u00f3digo PHP arbitrario mediante secuencias de salto de directorio en el par\u00e1metro dir, en conjunto con c\u00f3digo PHP en el par\u00e1metro content, dentro de una petici\u00f3n de adici\u00f3n de plantilla Style en index.php."}], "lastModified": "2024-11-21T03:17:12.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lvyecms_project:lvyecms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F92ABB92-641B-4C21-84E2-A7237DA0F3AE", "versionEndIncluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}