eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
References
Link | Resource |
---|---|
http://incidentsecurity.com/elabftw-1-8-5-entitycontroller-arbitrary-file-upload-rce/ | Exploit Vendor Advisory URL Repurposed |
https://github.com/fuzzlove/eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-19T23:05:41
Updated: 2019-05-19T23:05:41
Reserved: 2019-05-19T00:00:00
Link: CVE-2019-12185
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-20T00:29:00.397
Modified: 2024-02-14T01:17:43.863
Link: CVE-2019-12185
JSON object: View
Redhat Information
No data.
CWE