PT-2019-18049 · Usualtool · Usualtoolcms

Fdbao

·

Publicado

2019-01-12

·

Atualizado

2019-01-24

·

CVE-2019-6244

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions UsualToolCMS version 8.0
Description An issue was discovered that allows CSRF attacks, which can execute SQL statements. Consequently, this can lead to the execution of arbitrary PHP code by writing that code into a .php file. The issue is related to the cmsadmin/a sqlbackx.php?t=sql endpoint.
Recommendations For UsualToolCMS version 8.0, as a temporary workaround, consider restricting access to the cmsadmin/a sqlbackx.php?t=sql endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2019-6244

Produtos afetados

Usualtoolcms