SB2018102928 - Multiple vulnerabilities in Yunucms

Security Bulletin ID SB2018102928

CSH Severity

High

Patch available

YES

Number of vulnerabilities 9

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 9 vulnerabilities.

1) Code Injection (CVE-ID: CVE-2018-19180)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.

2) Path traversal (CVE-ID: CVE-2018-19181)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.

3) Cross-site scripting (CVE-ID: CVE-2018-18720)

The vulnerability allows a remote privileged user to read and manipulate data.

An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.

4) Cross-site scripting (CVE-ID: CVE-2018-18721)

The vulnerability allows a remote privileged user to read and manipulate data.

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.

5) Cross-site scripting (CVE-ID: CVE-2018-18722)

The vulnerability allows a remote privileged user to read and manipulate data.

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.

6) Cross-site scripting (CVE-ID: CVE-2018-18723)

The vulnerability allows a remote privileged user to read and manipulate data.

An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.