Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/155295/Bludit-Directory-Traversal-Image-File-Upload.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/157988/Bludit-3.9.12-Directory-Traversal.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/158569/Bludit-3.9.2-Directory-Traversal.html | Exploit Third Party Advisory VDB Entry |
https://github.com/bludit/bludit/issues/1081 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-08T20:50:28
Updated: 2020-07-27T20:06:07
Reserved: 2019-09-08T00:00:00
Link: CVE-2019-16113
NVD Information
Status: Analyzed
Published: 2019-09-08T21:15:10.617
Modified: 2022-04-26T20:08:43.033
Link: CVE-2019-16113
Redhat Information
No data.
CWE