ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload (enabled by default). This can be used by an attacker to perform actions for an admin (or any user with the file upload capability). With this vulnerability, one can automatically upload files (by default, it allows html, pdf, xml, zip, and many other file types). A file can be accessed publicly under the "/assets/files" directory.
References
Link | Resource |
---|---|
https://github.com/ClipperCMS/ClipperCMS/issues/494 | Exploit Issue Tracking Third Party Advisory |
https://www.exploit-db.com/exploits/45839/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-11T04:00:00
Updated: 2018-11-15T10:57:01
Reserved: 2018-11-09T00:00:00
Link: CVE-2018-19135
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-11T04:29:00.173
Modified: 2019-01-30T15:40:38.567
Link: CVE-2018-19135
JSON object: View
Redhat Information
No data.
CWE