Input validation error in Backdrop CMS - #VU19980

 


Published: August 8, 2019


Vulnerability identifier: #VU19980
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Backdrop CMS
Affected software: Backdrop CMS

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise a vulnerable website.

The vulnerability exists due to insufficient validation of the uploaded files. A remote privileged attacker can upload and execute arbitrary PHP code on the server.

Successful exploitation of the vulnerability requires the "Synchronize, import, and export configuration" permission.


Remediation

Install updates from the vendor's website.
