Skip to content

ricardojoserf/CVE-2019-19033

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2019-19033: Jalios JCMS 10 Backdoor Account / Authentication Bypass

I. VULNERABILITY

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password.

II. CVE REFERENCE

CVE-2019-19033

III. VENDOR

Jalios (https://www.jalios.com/jcms/j_6/en/home)

IV. TIMELINE

08/11/19 - Vulnerability discovered

09/11/19 - Vendor contacted

14/11/19 - Vendor fixes the vulnerability

V. DESCRIPTION

The "webdav" folder uses HTTP authentication which can be bypassed using the backdoor account. This allows to get access to the website as the administrator and then create more administrator users, change passwords of any username, delete usernames, create groups, download the list of all the users (with email addresses, phone numbers, full names ...). It is also possible to upload or overwrite any file in the WebDAV server. The "webdav" folder is located by default in the root of the website. This is caused by a vulnerable version of the "DevTools" plugin, installed by default.

VI. IMPACT

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

VII. SOLUTION

Possible solutions:

  • Disable the DevToolsAuthenticationHandler
  • Disable or uninstall the DevTools plugin.
  • Upgrade DevTools plugin to version 7.1 or 8.1

VIII. REFERENCES

About

CVE-2019-19033 description and scripts to check the vulnerability in Jalios JCMS 10 (Authentication Bypass)

Topics

Resources

Stars

Watchers

Forks

Sponsor this project

 

Languages