Vulnerability Description
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silverpeas | Silverpeas | >= 5.15, <= 6.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/Silverpeas/Silverpeas-Core/blob/d8c3bbb0695a4907db013401bd16cPatchThird Party Advisory
- https://www.bishopfox.com/news/2019/01/silverpeas-5-15-to-6-0-2-path-traversal/ExploitThird Party Advisory
- https://github.com/Silverpeas/Silverpeas-Core/blob/d8c3bbb0695a4907db013401bd16cPatchThird Party Advisory
- https://www.bishopfox.com/news/2019/01/silverpeas-5-15-to-6-0-2-path-traversal/ExploitThird Party Advisory
FAQ
What is CVE-2018-19586?
CVE-2018-19586 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a St...
How severe is CVE-2018-19586?
CVE-2018-19586 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-19586?
Check the references section above for vendor advisories and patch information. Affected products include: Silverpeas Silverpeas.