Multiple vulnerabilities in Backdrop CMS



Published: 2019-08-08 | Updated: 2020-07-17
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-14769
CVE-2019-14771
CWE-ID CWE-79
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Backdrop CMS
Web applications / CMS

Vendor Backdrop CMS

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU30828

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14769

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)

Mitigation

Install update from vendor's website.

Vulnerable software versions

Backdrop CMS: 1.13.0 - 1.13.2

External links

http://backdropcms.org/security/backdrop-sa-core-2019-011


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU30829

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14771

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.)

Mitigation

Install update from vendor's website.

Vulnerable software versions

Backdrop CMS: 1.13.0 - 1.13.2

External links

http://backdropcms.org/security/backdrop-sa-core-2019-012


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###