SB2022052523 - Multiple vulnerabilities in Publify

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Arbitrary file upload (CVE-ID: CVE-2022-1811)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the resources/upload script. A remote user can upload a malicious file and execute it on the server.

2) Improper access control (CVE-ID: CVE-2022-1810)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can change the value of the article[id] parameter and modify and delete admin articles.

Remediation

Install update from vendor's website.

References

• https://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
• https://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c
• https://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce
• https://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb