Vulnerability Name: | CVE-2018-13981 (CCN-146400) | ||||||||||||
Assigned: | 2018-07-12 | ||||||||||||
Published: | 2018-07-12 | ||||||||||||
Updated: | 2018-09-12 | ||||||||||||
Summary: | The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php. | ||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-434 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-13981 Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/148537/Zeta-Producer-Desktop-CMS-14.2.0-Code-Execution-File-Disclosure.html Source: CCN Type: BugTraq Mailing List, Thu, 12 Jul 2018 18:11:05 +0200 SEC Consult SA-20180712-0 Remote Code Execution & Local File Disclosure in Zeta Producer Desktop CMS Source: XF Type: UNKNOWN zeta-cve201813981-file-upload(146400) Source: CCN Type: Packet Storm Security [07-12-2018] Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [07-13-2018] Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry 45016 Source: MISC Type: Exploit, Third Party Advisory https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/ Source: CCN Type: Zeta Producer Web site Desktop CMS | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |