SB2019031103 - Multiple vulnerabilities in SDCMS

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Cross-site request forgery (CVE-ID: CVE-2019-9652)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and execute arbitrary PHP code on behalf of the victim on the vulnerable website by providing a filename via the "file" parameter and file content via the "t2" parameter.

2) Dangerous file upload (CVE-ID: CVE-2019-9651)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application does not perform a case sensitive validation of the file extension before allowing file upload within the check_bad() function in appadmincontroller hemecontroller.php file. A remote authenticated attacker can upload a PHP file to the system that contains system() PHP call and file extension ".PHP".

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://www.iwantacve.cn/index.php/archives/156/
• http://www.iwantacve.cn/index.php/archives/155/