PT-2018-11541 · Hongcms · Hongcms

Sm0Nk · Published 2018-06-29 · Updated 2018-08-21 · CVE-2018-13021

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HongCMS version 3.0.0

Description

An issue was discovered that allows for Arbitrary Script File Upload, which can result in PHP code execution. This is achievable via the "admin/index.php/template/upload" API endpoint.

Recommendations

For HongCMS version 3.0.0, consider restricting access to the "admin/index.php/template/upload" endpoint until a patch is available. As a temporary workaround, disabling the upload functionality in the template section can help minimize the risk of exploitation.
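
An added example (not from the advisory or the HongCMS project): a Python check over web-server access logs that shows whether the recommended restriction on the upload endpoint is actually in effect. The combined log format, the admin allow list, the set of "refused" status codes and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoint named in the advisory; any install prefix in front of it is site-specific.
ENDPOINT = "admin/index.php/template/upload"
# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: these statuses mean the server refused or no longer exposes the endpoint.
REFUSED = {"401", "403", "404"}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [29/Jun/2018:10:00:00 +0000] "POST /admin/index.php/template/upload HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [29/Jun/2018:10:05:00 +0000] "POST /admin/index.php/template/upload HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.23 - - [29/Jun/2018:10:06:00 +0000] "POST /cms//Admin/index.php/template/upload?x=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.23 - - [29/Jun/2018:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "-"',
]

def normalise(target):
    """Drop the query string, decode percent-escapes, collapse repeated slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def audit(lines, allowed_networks):
    """Return (timestamp, client, method, status) for requests to the upload endpoint
    that came from outside the allow list and were not refused by the server."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or ENDPOINT not in normalise(m["target"]):
            continue
        try:
            client = ipaddress.ip_address(m["ip"])
        except ValueError:  # hostname or malformed client field: skip the line
            continue
        if any(client in n for n in nets) or m["status"] in REFUSED:
            continue
        findings.append((m["ts"], m["ip"], m["method"], m["status"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["192.0.2.0/24"]):
        print(finding)
```

An empty result over a log window means every request to the endpoint either came from the allowed admin network or was refused; any entry returned is a request the restriction did not stop.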

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2018-13021

Affected Products

Hongcms