CVE-2018-18626 - OpenCVE

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Phpyun	Phpyun

Configuration 1 [-]

cpe:2.3:a:phpyun:phpyun:4.6:*:*:*:*:*:*:*

References

Link	Resource
http://str3am.me/2018/10/23/CVE_01/#more	Broken Link Third Party Advisory URL Repurposed

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:04

Updated: 2022-10-03T16:22:04

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-18626

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-23T19:29:00.230

Modified: 2024-02-14T01:17:43.863

Link: CVE-2018-18626

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpyun:phpyun:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3F336726-7561-4C71-8D71-9D7D29138BCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the \"admin/index.php?m=database&c=del\" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter."}, {"lang": "es", "value": "Se ha descubierto un problema en PHPYun V4.6. Hay una vulnerabilidad que puede eliminar cualquier archivo o directorio mediante el par\u00e1metro sql en admin/index.php?m=databasec=del debido a que del_action() en admin/model/database.class.php gestiona de manera incorrecta este par\u00e1metro."}], "id": "CVE-2018-18626", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-23T19:29:00.230", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "URL Repurposed"], "url": "http://str3am.me/2018/10/23/CVE_01/#more"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}