CVE-2018-20159 — HIGH (7.2)

Vulnerability Description

i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the ".zip" file to be accepted, it must also contain a package.json file.

CVSS Score

7.2

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
I-Doit	I-Doit	1.11.2

Related Weaknesses (CWE)

CWE-20

References

https://pentest.com.tr/exploits/i-doit-CMDB-1-11-2-Remote-Code-Execution.htmlExploitThird Party Advisory
https://www.exploit-db.com/exploits/45957ExploitThird Party AdvisoryVDB Entry
https://pentest.com.tr/exploits/i-doit-CMDB-1-11-2-Remote-Code-Execution.htmlExploitThird Party Advisory
https://www.exploit-db.com/exploits/45957ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-20159?

CVE-2018-20159 is a vulnerability with a CVSS score of 7.2 (HIGH). i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to...

How severe is CVE-2018-20159?

CVE-2018-20159 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20159?

Check the references section above for vendor advisories and patch information. Affected products include: I-Doit I-Doit.