CVE-2018-1000619

Published: Jul 9, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons.

Affected (1)

Products: Ovidentia: Ovidentia

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ovidentia Ovidentia	Up to 8.4.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://drive.google.com/open?id=195h-LirGiIVKxioyusw3SvmLp8BljPxe

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://www.ovidentia.org/index.php?

Source: cve@mitre.org

Vendor Advisory

https://www.ovidentia.org/modules

Source: cve@mitre.org

Vendor Advisory

https://drive.google.com/open?id=195h-LirGiIVKxioyusw3SvmLp8BljPxe

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://www.ovidentia.org/index.php?

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ovidentia.org/modules

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.