CVE-2018-14911

{"id": "CVE-2018-14911", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2018-08-03T19:29:00.607", "references": [{"url": "https://github.com/yxcmf/ukcms/issues/1", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka \"Allow upload file suffix\") setting, and must use \"php,php\" in this setting to bypass the \"php\" restriction."}, {"lang": "es", "value": "Existe una vulnerabilidad de subida de archivos en ukcms en versiones 1.1.7 y anteriores. La vulnerabilidad se debe a que el sistema no filtra de forma estricta el tipo de subida de archivos. Un atacante puede explotar la vulnerabilidad para subir un script troyano a admin.php/admin/configset/index/group/upload.html para obtener el control del servidor componiendo una petici\u00f3n para la subida de un archivo .txt y cambi\u00e1ndolo despu\u00e9s a subida .php. El atacante debe tener acceso de administrador para cambiar la opci\u00f3n upload_file_ext (\"Allow upload file suffix\") y debe emplear \"php,php\" en esta opci\u00f3n para omitir la restricci\u00f3n \"php\"."}], "lastModified": "2018-10-10T15:04:45.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ukcms:ukcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C702DDF-CCA8-4621-AB18-9F7C49854A2A", "versionEndIncluding": "1.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}