Vulnerability CVE-2018-19104


Published: 2018-11-08

Description:
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Bagesoft
Product: Bagecms 
Version: 3.1.3;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://github.com/bagesoft/bagecms/issues/3

Related CVE
CVE-2019-8421
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2018-19560
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
CVE-2018-18258
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
CVE-2018-18257
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ di...
CVE-2018-14582
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.

Copyright 2019, cxsecurity.com

 

Back to Top