Path traversal in iCMS



| Updated: 2019-09-23
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-7234
CWE-ID CWE-22
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 iCMS
Web applications / CMS

Vendor iCMS

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Path traversal

EUVDB-ID: #VU21271

Risk: Low

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-7234

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "_app" parameter to the "admincp.php?app=apps&do=save" file. A remote authenticated administrator can send a specially crafted HTTP request containing directory traverses sequences and upload arbitrary ZIP file into directory above webroot.


Mitigation

Install update from vendor's website.

Vulnerable software versions

iCMS: 7.0.0 - 7.0.13

CPE2.3 External links

https://github.com/idreamsoft/iCMS/issues/51


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###