PHP Login And User Management 4.1.0 Shell Upload

2018.05.25

Credit: Reginald Dodd

Risk: High

Local: No

Remote: Yes

CVE: CVE-2018-11392

CWE: CWE-264

CVSS Base Score: 6.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

[Title]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)
[Product]
PHP Login & User Management
https://codecanyon.net/item/php-login-user-management/49008
[CVE]
CVE-2018-11392
[Credit]
Reginald Dodd
[Description]
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code execution by requesting the .php file.
[Affected Versions]
v4.1.0 and below
[Solution]
Upgrade to v4.1.1
[Timeline]
April 28, 2018 - A detailed vulnerability report was sent to the vendor.
May 1, 2018 - The vendor acknowledged the report.
May 15, 2018 - The developer made the fix available through the vendor's marketplace.
May 22, 2018 - I requested an update, and the vendor stated that this issue has been "resolved".
May 22, 2018 - Mitre assigned a CVE.

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP Login And User Management 4.1.0 Shell Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.