PT-2018-11541 · Hongcms · Hongcms

Sm0Nk · Published 2018-06-29 · Updated 2018-08-21 · CVE-2018-13021

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HongCMS version 3.0.0

Description

An issue was discovered that allows for Arbitrary Script File Upload, which can result in PHP code execution. This is achievable via the "admin/index.php/template/upload" API endpoint.

Recommendations

For HongCMS version 3.0.0, consider restricting access to the "admin/index.php/template/upload" endpoint until a patch is available. As a temporary workaround, disabling the upload functionality in the template section can help minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-13021

Affected Products

Hongcms