CVE-2018-18830

{"id": "CVE-2018-18830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-10-30T06:29:00.843", "references": [{"url": "https://gitee.com/mingSoft/MCMS/issues/IO0IQ", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitee.com/mingSoft/MCMS/issues/IO0IQ", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in com\\mingsoft\\basic\\action\\web\\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code."}, {"lang": "es", "value": "Se ha descubierto un problema en com\\mingsoft\\basic\\action\\web\\FileAction.java en MCMS 4.6.5. Ya que la interfaz de subida no verifica el estado de inicio de sesi\u00f3n del usuario, se puede emplear esta interfaz para subir archivos sin establecer una cookie. En primer lugar, se inicia la subida de c\u00f3digo JSP con un nombre de archivo .png y, despu\u00e9s, se intercepta el paquete de datos. En el par\u00e1metro name, se cambia el sufijo a jsp. En la respuesta, el servidor devuelve la ruta de almacenamiento del archivo, al que se puede acceder para ejecutar c\u00f3digo JSP arbitrario."}], "lastModified": "2024-11-21T03:56:42.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mingsoft:mcms:4.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33409E8-42F6-49B0-899E-BBFE3CFF42F7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}