CVE-2017-16941

{"id": "CVE-2017-16941", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-25T05:29:00.210", "references": [{"url": "https://github.com/octobercms/october/issues/3257", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/octobercms/october/issues/3257", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says \"I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering."}, {"lang": "es", "value": "** EN DISPUTA ** October CMS hasta la versi\u00f3n 1.0.428 no evita el uso de .htaccess en los temas, lo que permite que usuarios autenticados remotos ejecuten c\u00f3digo PHP arbitrario mediante la descarga de un archivo ZIP de temas de /backend/cms/themes y, a continuaci\u00f3n, subiendo e importando un archivo modificado con dos nuevos archivos: un archivo .php y un archivo .htaccess. NOTA: el fabricante dice: \"No creo que [un atacante capaz de iniciar sesi\u00f3n en el sistema bajo una cuenta que tiene acceso para gestionar/subir temas] sea un modelo de amenaza que necesitemos tener en consideraci\u00f3n\"."}], "lastModified": "2024-11-21T03:17:17.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90A9C91F-B238-4D53-B638-63A977A99FE4", "versionEndIncluding": "1.0.428"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}