A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/May/11 | Exploit Mitigation Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-02T21:00:00
Updated: 2018-05-02T20:57:01
Reserved: 2018-04-10T00:00:00
Link: CVE-2018-9919
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-02T21:29:01.183
Modified: 2018-06-13T15:59:12.313
Link: CVE-2018-9919
JSON object: View
Redhat Information
No data.
CWE