CVE-2018-16974

Published: Sep 12, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).

Affected (1)

Products: Elefantcms: Elefant

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elefantcms Elefant	Before 2.0.7

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/jbroadway/elefant/issues/287

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stable

Source: cve@mitre.org

Release Notes

https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/jbroadway/elefant/issues/287

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stable

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.