PT-2018-9535 · Bludit · Bludit
Bousalman
·
Published
2018-12-20
·
Updated
2019-01-07
·
CVE-2018-1000811
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
bludit version 3.0.0
Description
The issue allows for Unrestricted Upload of File with Dangerous Type, which can lead to Remote Command Execution. This can be exploited by a malicious user uploading a crafted payload containing PHP code.
Recommendations
For bludit version 3.0.0, update to a version that contains a fix for this issue to prevent Remote Command Execution. As a temporary workaround, consider restricting access to the Content Upload feature in the Pages Editor to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bludit