Multiple vulnerabilities in Intelliants Subrion CMS
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-20389 CVE-2019-20390 CVE-2018-19422 CVE-2018-16327 CVE-2018-14840 CVE-2018-14835 CVE-2018-14836 |
| CWE-ID | CWE-79 CWE-352 CWE-434 CWE-269 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
Subrion CMS Web applications / CMS |
| Vendor | Intelliants |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU34384
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20389
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
MitigationInstall update from vendor's website.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://packetstormsecurity.com/files/157699/Subrion-CMS-4.2.1-Cross-Site-Scripting.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site request forgery
EUVDB-ID: #VU34385
Risk: High
CVSSv3.1: 7.4 [AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-20390
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://packetstormsecurity.com/files/157700/Subrion-CMS-4.2.1-Cross-Site-Request-Forgery.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Arbitrary file upload
EUVDB-ID: #VU36393
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2018-19422
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: Yes
DescriptionThe vulnerability allows a remote privileged user to execute arbitrary code.
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
MitigationInstall update from vendor's website.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://github.com/intelliants/subrion/issues/801
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
4) Cross-site scripting
EUVDB-ID: #VU36750
Risk: Low
CVSSv3.1: 4.4 [AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-16327
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://github.com/intelliants/subrion/issues/771
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU36798
Risk: Low
CVSSv3.1: 5.8 [AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-14840
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47
http://github.com/intelliants/subrion/issues/773
http://www.exploit-db.com/exploits/45150/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Cross-site scripting
EUVDB-ID: #VU36799
Risk: Low
CVSSv3.1: 5 [AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-14835
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://github.com/intelliants/subrion/issues/760
http://github.com/intelliants/subrion/pull/763/commits
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Privilege Management
EUVDB-ID: #VU36800
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14836
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to the Admin panel.
MitigationInstall update from vendor's website.
Vulnerable software versionsSubrion CMS: 4.2.1
External linkshttp://github.com/intelliants/subrion/issues/762
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
