Vulnerability CVE-2018-1000811
Published: 2018-12-20

Description:
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.

Type:

CWE-434

 (Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Bludit -> Bludit 

 References:
https://github.com/bludit/bludit/issues/812
https://www.exploit-db.com/exploits/46060/
Copyright 2024, cxsecurity.com

 

Back to Top