Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for MTAppjQuery by bit part LLC.

jvndb-2018-000080

Vulnerability from jvndb

Published

2018-07-18 15:35

Modified

2019-07-26 15:23

Severity ?

7.3 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Movable Type plugin MTAppjQuery vulnerable to PHP code execution

Details

MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file (CWE-434), which may lead to arbitrary PHP code execution if MTAppjQuery is used. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN62423700/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0645
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0645
	Sucuri	https://blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

bit part LLC.

MTAppjQuery

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000080.html",
  "dc:date": "2019-07-26T15:23+09:00",
  "dcterms:issued": "2018-07-18T15:35+09:00",
  "dcterms:modified": "2019-07-26T15:23+09:00",
  "description": "MTAppjQuery provided by bit part LLC is a plugin for Movable Type.  An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file (CWE-434), which may lead to arbitrary PHP code execution if MTAppjQuery is used.\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000080.html",
  "sec:cpe": {
    "#text": "cpe:/a:bit-part:mtappjquery",
    "@product": "MTAppjQuery",
    "@vendor": "bit part LLC.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000080",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN62423700/index.html",
      "@id": "JVN#62423700",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0645",
      "@id": "CVE-2018-0645",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0645",
      "@id": "CVE-2018-0645",
      "@source": "NVD"
    },
    {
      "#text": "https://blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html",
      "@id": "Uploadify, Uploadify and Uploadify - The New TimThumb?",
      "@source": "Sucuri"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "Movable Type plugin MTAppjQuery vulnerable to PHP code execution"
}