PT-2018-13990 · Bigtree · Bigtree

Pupiles

Publicado

2018-09-23

Atualizado

2018-11-21

CVE-2018-17341

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BigTree version 4.2.23

Description The issue allows remote attackers to bypass authentication when Advanced or Simple Rewrite routing is enabled. This can be achieved by using a .. substring in a URI, such as launch.php?bigtree htaccess url=admin/images/...

Recommendations For BigTree version 4.2.23, consider disabling Advanced or Simple Rewrite routing until a patch is available to prevent authentication bypass. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using the bigtree htaccess url parameter in the affected launch.php endpoint until the issue is resolved.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2018-17341

Produtos afetados

Bigtree

PT-2018-13990 · Bigtree · Bigtree

CVE-2018-17341

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4