CVE-2018-19404 — HIGH (7.2)

Vulnerability Description

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions.

CVSS Score

7.2

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Yxcms	Yxcms	1.4.7

Related Weaknesses (CWE)

CWE-94

References

https://github.com/HF9/yxcms-code-audit/blob/master/Any%20PHP%20Code%20ExecutionExploitThird Party Advisory
https://github.com/HF9/yxcms-code-audit/blob/master/Any%20PHP%20Code%20ExecutionExploitThird Party Advisory

FAQ

What is CVE-2018-19404?

CVE-2018-19404 is a vulnerability with a CVSS score of 7.2 (HIGH). In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hostin...

How severe is CVE-2018-19404?

CVE-2018-19404 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19404?

Check the references section above for vendor advisories and patch information. Affected products include: Yxcms Yxcms.