CVE-2018-20166

{"id": "CVE-2018-20166", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-01-02T18:29:01.310", "references": [{"url": "https://pentest.com.tr/exploits/Rukovoditel-Project-Management-CRM-2-3-1-Authenticated-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/46011", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in \".php\" with mixed case, such as the .pHp extension."}, {"lang": "es", "value": "Una vulnerabilidad de subida de archivos existe en la versi\u00f3n 2.3.1 de Rukovoditel. index.php?module=configuration/save permite a los usuarios subir una imagen de fondo y, adem\u00e1s, maneja incorrectamente la comprobaci\u00f3n de extensiones. Acepta la subida de contenido PHP si los primeros caracteres coinciden con los datos GIF y el nombre del archivo termina en \".php\" con may\u00fasculas y min\u00fasculas, como es la extensi\u00f3n .pHp."}], "lastModified": "2019-01-31T16:33:28.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rukovoditel:rukovoditel:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "548ADBFF-AC51-443A-916C-8CBE47A247A4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}