Arbitrary file upload in CuteNews - CVE-2019-11447
Published: April 22, 2019 / Updated: October 18, 2021
Vulnerability identifier: #VU35981
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2019-11447
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: CutePHP Team
Affected software:
CuteNews
CuteNews
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code.
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
How to mitigate CVE-2019-11447
Install update from vendor's website.