CVE-2018-19420 - OpenCVE

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Get-simple	Getsimple Cms

Configuration 1 [-]

cpe:2.3:a:get-simple:getsimple_cms:3.3.15:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:21:56

Updated: 2022-10-03T16:21:56

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-19420

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-11-21T21:29:00.220

Modified: 2018-12-28T14:31:42.387

Link: CVE-2018-19420

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:get-simple:getsimple_cms:3.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "1175D384-DC48-4226-9609-725629E65605", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g., the test or test.asdf filename), because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php."}, {"lang": "es", "value": "En GetSimpleCMS 3.3.15, admin/upload.php bloquea las subidas de .html, pero hay varios casos alternativos en los que se puede ejecutar HTML, como con un archivo sin extensi\u00f3n o con una extensi\u00f3n desconocida (como, por ejemplo, los nombres de archivo test o test.asdf). Esto se debe a admin/upload-uploadify.php y a validate_safe_file en admin/inc/security_functions.php."}], "id": "CVE-2018-19420", "lastModified": "2018-12-28T14:31:42.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-21T21:29:00.220", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1301"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}