CVE-2018-19586
Summary
| CVE | CVE-2018-19586 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-09 18:29:00 UTC |
| Updated | 2019-04-11 15:55:00 UTC |
| Description | Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Silverpeas | Silverpeas | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Silverpeas 5.15 To 6.0.2: Path Traversal - Bishop Fox | MISC | www.bishopfox.com | Exploit, Third Party Advisory |
| Silverpeas-Core/FileUploadData.java at d8c3bbb0695a4907db013401bd16c6527e2b4f41 · Silverpeas/Silverpeas-Core · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.