SB2018080214 - Multiple vulnerabilities in Intelliants Subrion CMS
Published: August 2, 2018 Updated: August 3, 2023
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2019-20389)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
2) Cross-site request forgery (CVE-ID: CVE-2019-20390)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, for example by crafting a panel/uploads/read.json?cmd=rm URL with the anti-CSRF token removed and sending it to the victim.
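The following is an added example, not Subrion code, showing the synchronizer-token check that the "removed token" case above defeats when it is absent. The endpoint shape (a `cmd=rm` parameter), the session array and the request arrays are constructed for the example; the hardened handler rejects a request whose token is missing rather than treating "no token" as "nothing to check".

```php
<?php
// Added example (not Subrion code): a synchronizer-token CSRF check for a
// state-changing endpoint such as the uploads "rm" command described above.
// The vulnerable pattern executes the command whenever the session is valid;
// the hardened pattern refuses unless a per-session token is present and matches.

function issueCsrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Vulnerable: any request carrying a valid session cookie is honoured, so a
// cross-site request (an auto-submitted form or image tag) performs the action.
function handleRmVulnerable(array $session, array $params): string
{
    return isset($params['cmd']) && $params['cmd'] === 'rm'
        ? 'removed ' . ($params['target'] ?? '')
        : 'ignored';
}

// Hardened: a missing token (the "removed token" case) is rejected outright,
// and the comparison uses hash_equals() to avoid a timing side channel.
function handleRmHardened(array $session, array $params): string
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['csrf_token'] ?? '';
    if ($expected === '' || $supplied === '' || !hash_equals($expected, $supplied)) {
        return 'rejected: invalid or missing CSRF token';
    }
    return handleRmVulnerable($session, $params);
}

// Constructed demonstration: a cross-site request that omits the token,
// and the same request as the legitimate form would submit it.
$session = [];
$token   = issueCsrfToken($session);
$crossSite = ['cmd' => 'rm', 'target' => 'uploads/example.txt'];   // no csrf_token
$legit     = $crossSite + ['csrf_token' => $token];

echo handleRmVulnerable($session, $crossSite), "\n"; // removed uploads/example.txt
echo handleRmHardened($session, $crossSite), "\n";   // rejected: invalid or missing CSRF token
echo handleRmHardened($session, $legit), "\n";       // removed uploads/example.txt
```

The token must be checked on every state-changing request regardless of HTTP method, since a `GET` URL like the one in the advisory is exactly what a cross-site page can request. Setting the session cookie with `SameSite=Lax` or `Strict` is a useful second layer but does not replace the token check.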
3) Arbitrary file upload (CVE-ID: CVE-2018-19422)
The vulnerability allows a remote privileged user to execute arbitrary code.
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file does not include these two extensions in its list of blocked extensions.
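As an added example (not Subrion code) of why an extension denylist of the kind the advisory describes fails, the block below contrasts a denylist that omits .pht and .phar with an allowlist that only accepts expected document types. Both extension lists, the sample filenames and the random-name scheme are constructed for the example.

```php
<?php
// Added example (not Subrion code): an incomplete denylist of executable
// extensions beside an allowlist of permitted upload types. The denylist is a
// constructed sample that, like the one the advisory describes, omits .pht
// and .phar; the allowlist is what an uploads directory might legitimately hold.

const DENYLIST  = ['php', 'php3', 'php4', 'php5', 'phtml'];      // incomplete by construction
const ALLOWLIST = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];   // what uploads may be

function isAllowedByDenylist(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, DENYLIST, true);
}

// Allowlist check: every dot-separated segment after the base name must be on
// the allowlist, so "double.php.jpg" is rejected even though its final
// extension looks harmless (some Apache mod_mime configurations would still
// hand such a file to the PHP handler).
function isAllowedByAllowlist(string $filename): bool
{
    $parts = explode('.', strtolower(basename($filename)));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                                // no extension, or a dotfile
    }
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, ALLOWLIST, true)) {
            return false;
        }
    }
    return true;
}

// Hardened save name: validate, then store under a server-chosen random name
// so the client-supplied name never reaches the filesystem.
function safeUploadName(string $original): ?string
{
    if (!isAllowedByAllowlist($original)) {
        return null;
    }
    $ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

foreach (['photo.jpg', 'notes.txt', 'script.pht', 'archive.phar', 'double.php.jpg'] as $name) {
    printf("%-15s denylist:%-6s allowlist:%s\n",
        $name,
        isAllowedByDenylist($name) ? 'pass' : 'block',
        isAllowedByAllowlist($name) ? 'pass' : 'block');
}
// script.pht and archive.phar pass the denylist but are blocked by the allowlist.

echo safeUploadName('photo.jpg') ?? 'rejected', "\n";   // 32 hex characters followed by .jpg
echo safeUploadName('script.pht') ?? 'rejected', "\n";  // rejected
```

A filename check is only one layer: the uploads directory should additionally be served with PHP execution disabled (or kept outside the document root), so that a bypass of the name check does not by itself yield code execution.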
4) Cross-site scripting (CVE-ID: CVE-2018-16327)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
5) Cross-site scripting (CVE-ID: CVE-2018-14840)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2018-14835)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
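Items 1, 4, 5 and 6 share one root cause: user-supplied data reaches the page without output encoding. The block below is an added example, not Subrion code, showing the same value rendered raw and rendered through a context-appropriate encoder, for both the reflected case (the `v[language_switch]` field from item 1) and a stored case. The settings form markup, the stored "comment" and the test value are constructed for the example.

```php
<?php
// Added example (not Subrion code): output encoding at render time for both
// reflected (items 1 and 5) and stored (items 4 and 6) XSS. The field name
// v[language_switch] is taken from item 1; the markup and the stored-content
// function are constructed for the example.

// Encode for an HTML text node or a double-quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable render: the submitted value is echoed straight into the markup,
// so a value containing a quote closes the attribute and injects new elements.
function renderSettingsVulnerable(array $post): string
{
    $switch = $post['v']['language_switch'] ?? '';
    return '<input name="v[language_switch]" value="' . $switch . '">';
}

// Hardened render: the same value passes through h() for the attribute context.
function renderSettingsHardened(array $post): string
{
    $switch = $post['v']['language_switch'] ?? '';
    return '<input name="v[language_switch]" value="' . h($switch) . '">';
}

// Stored variant: what was persisted does not matter; encoding is applied
// every time the value is written into a page.
function renderStoredComment(string $storedBody): string
{
    return '<p class="comment">' . h($storedBody) . '</p>';
}

// Constructed input: a value that closes the attribute and adds a script tag.
$post = ['v' => ['language_switch' => '"><script>alert(1)</script>']];

echo renderSettingsVulnerable($post), "\n";
// <input name="v[language_switch]" value=""><script>alert(1)</script>">
echo renderSettingsHardened($post), "\n";
// <input name="v[language_switch]" value="&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;">
echo renderStoredComment('<script>alert(1)</script>'), "\n";
// <p class="comment">&lt;script&gt;alert(1)&lt;/script&gt;</p>
```

`h()` is correct for HTML text and quoted attribute contexts only; a value placed inside a JavaScript string, a URL or a CSS block needs the encoder for that context. A Content-Security-Policy that disallows inline script limits the impact of any encoding gap that remains.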
7) Improper Privilege Management (CVE-ID: CVE-2018-14836)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.
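The advisory states the observed behaviour but not the code path behind it. The block below is an added example, not Subrion code, of one check shape that produces exactly that behaviour (a grant on the Guests group applying to every group) beside a check that judges an authenticated user by their own group only. The group names and permission table are constructed for the example.

```php
<?php
// Added example (not Subrion code): resolving admin-panel access from the
// requesting user's own group. The failure mode in item 7 is that a grant on
// the Guests group leaks to every other group. The group names, the
// permission table and the vulnerable check's shape are constructed.

const GUESTS_GROUP = 'guests';

// Constructed permission table: only administrators should reach the panel,
// but an operator has also granted the Guests group.
$panelAccess = [
    'administrators' => true,
    'members'        => false,
    'guests'         => true,
];

// Vulnerable resolution: the Guests entry (meant for anonymous visitors) is
// consulted first for everyone, so enabling it opens the panel to all groups.
function canAccessPanelVulnerable(array $access, ?string $userGroup): bool
{
    if (!empty($access[GUESTS_GROUP])) {
        return true;
    }
    return $userGroup !== null && !empty($access[$userGroup]);
}

// Hardened resolution: an authenticated user is judged solely by the group
// they belong to; the Guests entry applies only to unauthenticated requests.
function canAccessPanelHardened(array $access, ?string $userGroup): bool
{
    $group = $userGroup ?? GUESTS_GROUP;
    return (bool) ($access[$group] ?? false);
}

foreach (['administrators', 'members', null] as $group) {
    printf("%-15s vulnerable:%-4s hardened:%s\n",
        $group ?? '(anonymous)',
        canAccessPanelVulnerable($panelAccess, $group) ? 'yes' : 'no',
        canAccessPanelHardened($panelAccess, $group) ? 'yes' : 'no');
}
// members:     vulnerable=yes, hardened=no
// (anonymous): yes in both; the Guests grant is itself a misconfiguration,
//              but the code must not widen it to authenticated groups.
```

In practice the hardened check should be combined with a separate deny-by-default rule for the Guests group on administrative routes, so that the misconfiguration in the table cannot expose the panel to anonymous visitors either.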
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://packetstormsecurity.com/files/157699/Subrion-CMS-4.2.1-Cross-Site-Scripting.html
- http://packetstormsecurity.com/files/157700/Subrion-CMS-4.2.1-Cross-Site-Request-Forgery.html
- https://github.com/intelliants/subrion/issues/801
- https://github.com/intelliants/subrion/issues/771
- https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47
- https://github.com/intelliants/subrion/issues/773
- https://www.exploit-db.com/exploits/45150/
- https://github.com/intelliants/subrion/issues/760
- https://github.com/intelliants/subrion/pull/763/commits
- https://github.com/intelliants/subrion/issues/762