0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Typesetter CMS 5.1 Remote Code Execution Vulnerability
Author
Risk
[Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
=====[ Tempest Security Intelligence - ADV-09/2020 ]========================== Typesetter CMS Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Vulnerability Information]============================================= * Class: Unrestricted Upload of File with Dangerous CWE-434 * CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2020-25790 =====[ Overview]======================================================== * System affected : Typesetter - Version 5.1 * Software Version : Version 5.1 * Impact : Typesetter 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by upload a zip that contains a malicious php file inside. After extracting the zip file containing the malicious php file, it is possible to execute commands on the target operation system. =====[ Detailed description]================================================= The CMS Typesetter has functionality (web interface) where it is possible through an account with privileges to perform uploads. Through this functionality, it is possible to upload a .zip file that contains a malicious .php file. In the same functionality, there is also the possibility to extract the file through the same web interface, the attacker only needs to extract the .zip that was previously loaded and click on the malicious .php file to execute commands in the operating system. =====[ Timeline of disclosure]=============================================== 18/Sep/2020 - Responsible disclosure was initiated with the vendor. 18/Sep/2020 - Typesetter confirmed the issue; 18/Sep/2019 - The vendor fixed the vulnerability in version 5.2. 19/Sep/2020 - CVE was assigned as CVE-2020-25790 =====[ Thanks & Acknowledgements]======================================== * Tempest Security Intelligence [4] =====[ References ]===================================================== [1][ https://cwe.mitre.org/data/definitions/434.html|https://cwe.mitre.org/data/definitions/434.html] [2][ https://github.com/Typesetter/Typesetter/issues/674|https://github.com/Typesetter/Typesetter/issues/674] [3][ http://www.tempest.com.br|http://www.tempest.com.br/] =====[ EOF ]=========================================================== # 0day.today [2024-11-15] #