Multiple vulnerabilities in Publify



Published: 2022-05-25
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2022-1811, CVE-2022-1810
CWE-ID: CWE-434, CWE-284
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software: Publify (Web applications / Modules and components for CMS)
Vendor: Publify

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Arbitrary file upload

EUVDB-ID: #VU63675

Risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1811

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to insufficient validation of files during file upload in the resources/upload script. A remote user can upload a malicious file and execute it on the server.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Publify: 9.0.0 - 9.2.8

External links

http://github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
http://huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Improper access control

EUVDB-ID: #VU63676

Risk: Medium

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1810

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can change the value of the article[id] parameter and modify and delete admin articles.
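
An added illustration, not Publify's code or its patch: the class of flaw described above, where a record is selected by a client-supplied article[id] with no server-side ownership check, shown next to a version that authorizes the user first. The User, Article and ArticleStore types, the role names and the helper functions are hypothetical, and the sample records are constructed.

```ruby
# Constructed illustration: plain Ruby stand-ins for users, articles and request params.
User    = Struct.new(:id, :role)
Article = Struct.new(:id, :owner_id, :title)

class Forbidden < StandardError; end

class ArticleStore
  def initialize(articles)
    @by_id = articles.to_h { |a| [a.id, a] }
  end

  def find(id)
    @by_id.fetch(Integer(id)) { raise KeyError, "no article #{id}" }
  end
end

# Weak pattern: the record is chosen purely by the client-supplied article[id].
def update_unchecked(store, _user, params)
  article = store.find(params.dig("article", "id"))
  article.title = params.dig("article", "title")
  article
end

# Hardened pattern: the server decides whether this user may touch this record
# before any attribute is changed.
def update_authorized(store, user, params)
  article = store.find(params.dig("article", "id"))
  unless user.role == :admin || article.owner_id == user.id
    raise Forbidden, "user #{user.id} may not edit article #{article.id}"
  end
  article.title = params.dig("article", "title")
  article
end

def demo
  admin, writer = User.new(1, :admin), User.new(2, :contributor)
  build = -> { ArticleStore.new([Article.new(10, admin.id, "Admin post"),
                                 Article.new(20, writer.id, "Writer post")]) }
  tampered = { "article" => { "id" => "10", "title" => "changed" } }
  own      = { "article" => { "id" => "20", "title" => "edited" } }
  weak = update_unchecked(build.call, writer, tampered).title
  blocked = begin
    update_authorized(build.call, writer, tampered); false
  rescue Forbidden
    true
  end
  allowed = update_authorized(build.call, writer, own).title
  { weak: weak, blocked: blocked, allowed: allowed }
end
```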

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Publify: 9.0.0 - 9.2.8

External links

http://github.com/publify/publify/commit/c0aba87844d1e47da50c0d99a3465164a4d244ce
http://huntr.dev/bounties/9b2d7579-032e-42da-b736-4b10a868eacb


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


