PT-2018-9473 · Ovidentia · Ovidentia

Published: 2018-07-09 · Updated: 2018-09-11 · CVE-2018-1000619

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Ovidentia versions 8.4.3 and earlier

Description: The issue is related to unsanitized user input in the utilit.php file, specifically in the bab_getAddonFilePathfromTg function, which can lead to authenticated remote code execution. The attack is exploitable if the attacker has permission to upload addons.

Recommendations: For Ovidentia versions 8.4.3 and earlier, consider restricting access to the utilit.php file and the bab_getAddonFilePathfromTg function to prevent exploitation until a fix is available. Avoid granting upload permissions to untrusted users to minimize the risk of attack.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-1000619

Affected Products

Ovidentia