PT-2018-13420 · Thinkcmf · Thinkcmf

Published

2018-08-30

Updated

2018-11-06

CVE-2018-16141

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions ThinkCMF version X2.2.3

Description The issue allows for arbitrary file deletion. It is located in the do avatar function within the ProfileController.class.php file. The vulnerability can be exploited via the imgurl parameter by using a .. sequence. This enables a member user to delete any file on a Windows server.

Recommendations For ThinkCMF version X2.2.3, restrict access to the do avatar function in the ProfileController.class.php file to prevent arbitrary file deletion. Avoid using the imgurl parameter with a .. sequence in the affected API endpoint until the issue is resolved.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-16141

Affected Products

Thinkcmf

PT-2018-13420 · Thinkcmf · Thinkcmf

CVE-2018-16141

Weakness Enumeration

Related Identifiers

Affected Products

References · 3