Arbitrary file upload in Bludit
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-1000811 |
| CWE-ID | CWE-434 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Bludit Web applications / CMS |
| Vendor | Bludit |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Arbitrary file upload
EUVDB-ID: #VU36279
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-1000811
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.
MitigationInstall update from vendor's website.
Vulnerable software versionsBludit: 3.0.0
CPE2.3 External linkshttp://github.com/bludit/bludit/issues/812
http://www.exploit-db.com/exploits/46060/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
