Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-1811, CVE-2022-1810 |
CWE-ID | CWE-434, CWE-284 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software | Publify (Web applications / Modules and components for CMS) |
Vendor | Publify |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU63675
Risk: Medium
CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-1811
CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of files during upload in the resources/upload script. A remote user can upload a malicious file and execute it on the server.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Publify 9.0.0 - 9.2.8
CPE2.3:
External links:
https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
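The defensive counterpart of the CWE-434 weakness described above, as an added example that is not Publify's code or part of the bulletin: a plain-Ruby upload validator that admits a file only when its extension is allowlisted, the declared Content-Type agrees with that extension, and the leading bytes carry the matching signature, then assigns a server-generated storage name so nothing from the client reaches the filesystem. The module name, the allowlist, the size limit and the sample payloads are constructed for illustration.

```ruby
# Added example (not Publify's code): a defensive upload validator for the
# CWE-434 pattern. It accepts a filename, the declared MIME type from the
# request and the raw bytes, and only admits files whose extension is
# allowlisted AND whose leading bytes match that type.
# Module name, allowlist and sample payloads are constructed for illustration.

require "securerandom"

module UploadValidator
  class RejectedUpload < StandardError; end

  # Extension allowlist: only the image types a resource upload needs.
  ALLOWED = {
    ".png"  => { mime: "image/png",  magic: ["\x89PNG\r\n\x1a\n".b] },
    ".jpg"  => { mime: "image/jpeg", magic: ["\xFF\xD8\xFF".b] },
    ".jpeg" => { mime: "image/jpeg", magic: ["\xFF\xD8\xFF".b] },
    ".gif"  => { mime: "image/gif",  magic: ["GIF87a".b, "GIF89a".b] },
  }.freeze

  MAX_BYTES = 5 * 1024 * 1024

  # Returns a hash describing how the file may be stored, or raises
  # RejectedUpload with a reason. The stored name never comes from the client.
  def self.validate(original_name, declared_mime, data)
    raise RejectedUpload, "empty upload" if data.nil? || data.empty?
    raise RejectedUpload, "upload too large" if data.bytesize > MAX_BYTES

    # Only the last extension counts; "shell.rb.png" still needs PNG magic
    # bytes, and the saved name is regenerated so the inner ".rb" is inert.
    base = File.basename(original_name.to_s)
    ext  = File.extname(base).downcase
    rule = ALLOWED[ext]
    raise RejectedUpload, "extension #{ext.inspect} not allowed" unless rule

    # The declared Content-Type must agree with the allowlisted extension.
    unless declared_mime.to_s.downcase == rule[:mime]
      raise RejectedUpload, "declared type #{declared_mime} does not match #{ext}"
    end

    # Content sniffing: the bytes must start with a known signature for the type.
    unless rule[:magic].any? { |sig| data.b.start_with?(sig) }
      raise RejectedUpload, "content does not look like #{rule[:mime]}"
    end

    { stored_name: "#{SecureRandom.hex(16)}#{ext}", mime: rule[:mime] }
  end

  # Convenience wrapper returning [accepted?, reason].
  def self.accepted?(original_name, declared_mime, data)
    validate(original_name, declared_mime, data)
    [true, nil]
  rescue RejectedUpload => e
    [false, e.message]
  end
end

if $PROGRAM_NAME == __FILE__
  png = "\x89PNG\r\n\x1a\n".b + "\x00" * 16          # constructed PNG header
  puts UploadValidator.accepted?("logo.png", "image/png", png).inspect
  puts UploadValidator.accepted?("shell.rb", "image/png", png).inspect
  puts UploadValidator.accepted?("shell.rb.png", "image/png", "<%= 1 %>".b).inspect
end
```

The three checks are deliberately independent: an extension allowlist alone is defeated by a renamed script, a Content-Type check alone trusts a client-supplied header, and magic-byte sniffing alone would let a polyglot through under a dangerous extension. Regenerating the stored name removes path traversal and double-extension tricks from the equation entirely.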
EUVDB-ID: #VU63676
Risk: Medium
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Green]
CVE-ID: CVE-2022-1810
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can change the value of the article[id] parameter to modify or delete admin articles.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions: Publify 9.0.0 - 9.2.8
CPE2.3:
External links:
https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce
https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
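The CWE-284 pattern described above, as an added example that is not Publify's code or part of the bulletin: an in-memory article store with an unscoped update that trusts the article[id] parameter as long as the caller is logged in, beside a hardened lookup that requires ownership or the admin role before any modify or delete. The User and Article structs, the store, the users and the sample articles are constructed for illustration.

```ruby
# Added example (not Publify's code): the CWE-284 pattern where a record id
# taken from the request is used to load an article without checking who may
# edit it, beside a hardened lookup that enforces the ownership/role rule
# before any write. Structs, store and sample data are constructed.

User    = Struct.new(:id, :name, :admin, keyword_init: true)
Article = Struct.new(:id, :author_id, :title, keyword_init: true)

class NotFound < StandardError; end

class ArticleStore
  def initialize(articles)
    @articles = articles.to_h { |a| [a.id, a] }
  end

  # Vulnerable shape: trusts params["article"]["id"] and only relies on the
  # caller being authenticated, so any user can address any article.
  def update_unscoped(_current_user, params, new_title)
    article = @articles.fetch(Integer(params["article"]["id"])) { raise NotFound }
    article.title = new_title
    article
  end

  # Hardened shape: every write goes through an authorization check.
  # Ownership or the admin role is required; the same rule guards delete.
  def find_for_write(current_user, id)
    article = @articles.fetch(Integer(id)) { raise NotFound }
    authorized = current_user.admin || article.author_id == current_user.id
    # Answering NotFound rather than Forbidden avoids confirming the id exists.
    raise NotFound unless authorized
    article
  end

  def update(current_user, params, new_title)
    article = find_for_write(current_user, params["article"]["id"])
    article.title = new_title
    article
  end

  def delete(current_user, params)
    article = find_for_write(current_user, params["article"]["id"])
    @articles.delete(article.id)
    article
  end

  def titles
    @articles.values.map(&:title)
  end
end

# Constructed fixture: one admin-owned article and one contributor-owned one.
def sample_store
  ArticleStore.new([
    Article.new(id: 1, author_id: 1, title: "Admin post"),
    Article.new(id: 2, author_id: 2, title: "Contributor post"),
  ])
end
ADMIN       = User.new(id: 1, name: "admin", admin: true)
CONTRIBUTOR = User.new(id: 2, name: "alice", admin: false)

# Runs the contributor's tampered request against both code paths and returns
# [unscoped_result, scoped_result] so the difference is observable.
def demonstrate
  tampered = { "article" => { "id" => "1" } }   # addresses the admin's article
  unscoped = sample_store.update_unscoped(CONTRIBUTOR, tampered, "defaced").title
  scoped = begin
    sample_store.update(CONTRIBUTOR, tampered, "defaced").title
  rescue NotFound
    :rejected
  end
  [unscoped, scoped]
end

puts demonstrate.inspect if $PROGRAM_NAME == __FILE__
```

The fix is structural rather than a per-action check: both `update` and `delete` obtain their record only through `find_for_write`, so a new write action cannot forget the rule. In a Rails application the equivalent is scoping the lookup (for example through the current user's association or an authorization layer) instead of calling a bare `find` on the model; the commit linked above is where the project's own fix can be read.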