Vulnerability Description
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by composing a request for a .txt upload and then changing it to a .php upload. The attacker must have admin access to change the upload_file_ext (aka "Allow upload file suffix") setting, and must use "php,php" in this setting to bypass the "php" restriction.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ukcms | Ukcms | <= 1.1.7 |
Related Weaknesses (CWE)
References
- https://github.com/yxcmf/ukcms/issues/1ExploitIssue TrackingThird Party Advisory
- https://github.com/yxcmf/ukcms/issues/1ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2018-14911?
CVE-2018-14911 is a vulnerability with a CVSS score of 7.2 (HIGH). A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload ...
How severe is CVE-2018-14911?
CVE-2018-14911 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-14911?
Check the references section above for vendor advisories and patch information. Affected products include: Ukcms Ukcms.