cnvd - cnvd-2018-04547

cnvd-2018-04547

Vulnerability from cnvd

Title: Monstra CMS任意PHP代码执行漏洞

Description:

Monstra CMS是乌克兰软件开发者Sergey Romanenko所研发的一套基于PHP的轻量级内容管理系统（CMS）。该系统具有易于安装使用、可扩展等特点。

Monstra CMS 3.0.4及之前版本存在安全漏洞，该漏洞源于禁用类型列表中禁用了.php及相似的文件扩展但仍然可以使用.pht或.phar扩展。远程攻击者可通过上传文件利用该漏洞执行任意的PHP代码。

Severity: 中

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://monstra.org/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-6383

Impacted products

Name
Monstra Monstra CMS <=3.0.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6383"
    }
  },
  "description": "Monstra CMS\u662f\u4e4c\u514b\u5170\u8f6f\u4ef6\u5f00\u53d1\u8005Sergey Romanenko\u6240\u7814\u53d1\u7684\u4e00\u5957\u57fa\u4e8ePHP\u7684\u8f7b\u91cf\u7ea7\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\u8be5\u7cfb\u7edf\u5177\u6709\u6613\u4e8e\u5b89\u88c5\u4f7f\u7528\u3001\u53ef\u6269\u5c55\u7b49\u7279\u70b9\u3002\r\n\r\nMonstra CMS 3.0.4\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7981\u7528\u7c7b\u578b\u5217\u8868\u4e2d\u7981\u7528\u4e86.php\u53ca\u76f8\u4f3c\u7684\u6587\u4ef6\u6269\u5c55\u4f46\u4ecd\u7136\u53ef\u4ee5\u4f7f\u7528.pht\u6216.phar\u6269\u5c55\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4e0a\u4f20\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684PHP\u4ee3\u7801\u3002",
  "discovererName": "Hexife",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://monstra.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04547",
  "openTime": "2018-03-07",
  "products": {
    "product": "Monstra Monstra CMS \u003c=3.0.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-6383",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-30",
  "title": "Monstra CMS\u4efb\u610fPHP\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-6383 (GCVE-0-2018-6383)

Vulnerability from cvelistv5

Published

2018-01-29 18:00

Modified

2024-08-05 06:01

Severity ?

CWE

Summary

Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.

References

▼	URL	Tags
	https://github.com/monstra-cms/monstra/issues/429	x_refsource_MISC
	http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.html	x_refsource_MISC
	https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-Exploit	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:49.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/monstra-cms/monstra/issues/429"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-Exploit"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Monstra CMS through 3.0.4 has an incomplete \"forbidden types\" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-28T12:29:29",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/monstra-cms/monstra/issues/429"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-Exploit"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Monstra CMS through 3.0.4 has an incomplete \"forbidden types\" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/monstra-cms/monstra/issues/429",
              "refsource": "MISC",
              "url": "https://github.com/monstra-cms/monstra/issues/429"
            },
            {
              "name": "http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162968/Monstra-CMS-3.0.4-Remote-Code-Execution.html"
            },
            {
              "name": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-Exploit",
              "refsource": "MISC",
              "url": "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2018-6383-Exploit"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6383",
    "datePublished": "2018-01-29T18:00:00",
    "dateReserved": "2018-01-29T00:00:00",
    "dateUpdated": "2024-08-05T06:01:49.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted