Multiple vulnerabilities in Intelliants Subrion CMS



Published: 2018-08-02 | Updated: 2020-08-08
Risk High
Patch available NO
Number of vulnerabilities 7
CVE-ID CVE-2019-20389
CVE-2019-20390
CVE-2018-19422
CVE-2018-16327
CVE-2018-14840
CVE-2018-14835
CVE-2018-14836
CWE-ID CWE-79
CWE-352
CWE-434
CWE-269
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #5 is available.
Vulnerable software
Subscribe
Subrion CMS
Web applications / CMS

Vendor Intelliants

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU34384

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-20389

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://packetstormsecurity.com/files/157699/Subrion-CMS-4.2.1-Cross-Site-Scripting.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Cross-site request forgery

EUVDB-ID: #VU34385

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-20390

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://packetstormsecurity.com/files/157700/Subrion-CMS-4.2.1-Cross-Site-Request-Forgery.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Arbitrary file upload

EUVDB-ID: #VU36393

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-19422

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: Yes

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://github.com/intelliants/subrion/issues/801

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Cross-site scripting

EUVDB-ID: #VU36750

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16327

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://github.com/intelliants/subrion/issues/771

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Cross-site scripting

EUVDB-ID: #VU36798

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14840

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47
http://github.com/intelliants/subrion/issues/773
http://www.exploit-db.com/exploits/45150/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Cross-site scripting

EUVDB-ID: #VU36799

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14835

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://github.com/intelliants/subrion/issues/760
http://github.com/intelliants/subrion/pull/763/commits

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Improper Privilege Management

EUVDB-ID: #VU36800

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-14836

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Subrion CMS: 4.2.1


CPE2.3 External links

http://github.com/intelliants/subrion/issues/762

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###