Main Vulnerability Database Vulnerabilities #VU36461

Arbitrary file upload in MCMS - CVE-2018-18830

Published: October 30, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36461

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-18830

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: ming-soft

Affected software:
MCMS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in commingsoftasicactionwebFileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.

How to mitigate CVE-2018-18830

Install update from vendor's website.

Sources

https://gitee.com/mingSoft/MCMS/issues/IO0IQ

Arbitrary file upload in MCMS - CVE-2018-18830

Detailed vulnerability description

How to mitigate CVE-2018-18830

Sources

Please verify you're human