CVE-2018-11091
Summary
| CVE | CVE-2018-11091 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-14 23:29:00 UTC |
| Updated | 2026-05-29 21:16:30 UTC |
| Description | An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the "HiddenFieldControlCustomWhiteListedExtensions" parameter and add arbitrary extensions to the whitelist during the upload. For instance, if the extension .asp is added to the "HiddenFieldControlCustomWhiteListedExtensions" parameter, the server accepts "secctest.asp" as a legitimate file. Hence malicious files can be uploaded in order to execute arbitrary commands to take over the server. |
Risk And Classification
Primary CVSS: v3.1 9.9 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.016950000 probability, percentile 0.826060000 (date 2026-06-03)
Problem Types: CWE-434 | n/a | CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.0 | [email protected] | Primary | 9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 9 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:S/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mybiz | Myprocurenet | 5.0.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc | af854a3a-2127-422b-91ae-364da2661108 | security.FreeBSD.org | |
| Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet – SEC Consult | af854a3a-2127-422b-91ae-364da2661108 | www.sec-consult.com | Third Party Advisory |
| Full Disclosure: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Bugtraq: FreeBSD Security Advisory FreeBSD-SA-19:26.mcu | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| FreeBSD Security Advisory - FreeBSD-SA-19:26.mcu ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.