New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ClipperCMS 1.3.3 allows to upload htaccess file in default setting. #495

Open
Hexife opened this Issue Nov 14, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@Hexife

Hexife commented Nov 14, 2018

Brief of this vulnerability
ClipperCMS allows to upload .htaccess. It is able to execute the any types of the extensions as PHP scripts.

Test Environment

  • Apache/2.4.18 (Debian)
  • PHP 5.6.38-2+ubuntu16.04.1+deb.sury.org+1 (cli)

Affect version
1.3.3

Reason of This Vulnerability
.htaccess is allowed to upload in your default whitelist.

It should be removed in default whitelist.

It can change the access configuration about current directory and subdirectories.
Even this file can drive to execute any extensions as PHP script.

This vulnerability needs admin credentials, but it can be used to get system shell to adversary who get the admin authority using other attack( e.g. XSS ).

@Hexife

This comment has been minimized.

Hexife commented Nov 22, 2018

I got the CVE for this vulnerability - CVE-2018-19424.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment