PT-2018-9598 · Webid · Webid

Nils Stünkel · Published 2018-12-20 · Updated 2019-01-07 · CVE-2018-1000882

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WeBid versions up to 1.2.2
Description: The issue concerns a Directory Traversal vulnerability in the getthumb.php file, which can lead to Arbitrary Image File Read. This can be exploited via an HTTP GET Request.
Recommendations: For WeBid versions up to 1.2.2, update to a version that includes the fix committed after 256a5f9d3eafbc477dcf77c7682446cc4b449c7f to resolve the issue. As a temporary workaround, consider restricting access to the getthumb.php file until the update is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2018-1000882

Affected Products

Webid