CVE-2018-20159
Summary
| CVE | CVE-2018-20159 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-15 05:29:00 UTC |
| Updated | 2019-01-07 13:46:00 UTC |
| Description | i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| i-doit CMDB 1.11.2 - Remote Code Execution - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Pentest Blog - Self-Improvement to Ethical Hacking | MISC | pentest.com.tr | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.