CVE-2018-19114

Name of the Vulnerable Software and Affected Versions MinDoc versions prior to 1.0.3

Description An issue allows attackers to gain privileges by uploading an image file with specific contents that represent an admin session. The attacker can then send a Cookie header with a mindoc id value containing the relative pathname of the uploaded file. This can be achieved by manipulating the mindoc id to include a pathname such as aa/../../uploads/blog/201811/attach #.jpg, where # is a hex value displayed in the upload field of a manage/blogs/edit screen.

Recommendations For MinDoc versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the image upload feature and validating the mindoc id values to prevent malicious path manipulation. Avoid using the mindoc id parameter in the affected API endpoint until the issue is resolved.