PT-2018-9473 · Ovidentia · Ovidentia

Published: 2018-07-09 · Updated: 2018-09-11 · CVE-2018-1000619

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ovidentia versions 8.4.3 and earlier

Description

The issue is caused by unsanitized user input in the utilit.php file, specifically in the bab_getAddonFilePathfromTg function, and can lead to authenticated remote code execution. The attack is exploitable if the attacker has permission to upload addons.

Recommendations

For Ovidentia versions 8.4.3 and earlier, consider restricting access to the utilit.php file and the bab_getAddonFilePathfromTg function to prevent exploitation until a fix is available. Avoid granting upload permissions to untrusted users to minimize the risk of attack.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-1000619

Affected Products

Ovidentia