PT-2018-12795 · Ukcms · Ukcms

Porlockzzz · Published 2018-08-03 · Updated 2018-10-10 · CVE-2018-14911

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ukcms versions 1.1.7 and earlier

Description

A file upload issue exists because the type of uploaded files is insufficiently filtered. An attacker can exploit this by uploading a script Trojan to the admin.php/admin/configset/index/group/upload.html endpoint to gain control of the server. This is done by first composing a request for a .txt upload and then modifying it to a .php upload. The attacker must have admin access to alter the upload file ext setting, also known as "Allow upload file suffix", and use "php,php" in this setting to bypass the "php" restriction.

Recommendations

For ukcms versions 1.1.7 and earlier, as a temporary workaround, consider restricting access to the admin.php/admin/configset/index/group/upload.html endpoint until a patch is available. Additionally, restrict the use of the upload file ext setting so that it cannot be used to bypass the "php" restriction.
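
One way to enforce the second recommendation, as an added example that is not ukcms code: the setting is parsed item by item and script extensions are refused both when the setting is saved and when a file is uploaded. It assumes the "Allow upload file suffix" value is a comma-separated string; the function names and the blocked list are hypothetical and should be adapted to the server's handler mappings.

```php
<?php
// Added example, not ukcms code. Assumption: the "Allow upload file suffix"
// setting is stored as one comma-separated string such as "jpg,png,txt".

// Illustrative list of extensions often mapped to the PHP handler.
// These are never accepted, whatever the setting says.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'phps'];

/** Split the setting into a normalised, de-duplicated list of extensions. */
function parse_allowed_extensions(string $setting): array
{
    $items = [];
    foreach (explode(',', $setting) as $item) {
        $item = strtolower(ltrim(trim($item), '.'));
        if ($item !== '') {
            $items[] = $item;
        }
    }
    return array_values(array_unique($items));
}

/** Blocked extensions present in a proposed setting value (empty array = acceptable). */
function rejected_extensions(string $setting): array
{
    return array_values(array_intersect(parse_allowed_extensions($setting), BLOCKED_EXTENSIONS));
}

/** Decide whether an uploaded file name may be stored under the current setting. */
function upload_name_allowed(string $filename, string $setting): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if ($ext === '' || in_array($ext, BLOCKED_EXTENSIONS, true)) {
        return false; // the deny list wins even if an admin added the extension
    }
    return in_array($ext, parse_allowed_extensions($setting), true);
}

// Constructed sample values, including the "php,php" value from the description.
foreach (['jpg,png,txt', 'php,php', 'jpg, .PHP ,txt'] as $setting) {
    printf("%-16s rejected: [%s]\n", $setting, implode(',', rejected_extensions($setting)));
}
var_dump(upload_name_allowed('notes.txt', 'jpg,png,txt'));   // extension listed in the setting
var_dump(upload_name_allowed('upload.php', 'php,php'));      // blocked extension in setting and name
var_dump(upload_name_allowed('photo.jpg.php', 'jpg,png'));   // the final extension is the one checked
```

Calling `rejected_extensions()` when the setting is saved stops a value such as "php,php" from being stored, and `upload_name_allowed()` repeats the check at upload time so a changed setting alone cannot admit a script file.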

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-14911

Affected Products

Ukcms