#VU1364 Unrestricted file upload in PhpWiki
Vulnerability identifier: #VU1364
Vulnerability risk: Critical
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-434
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
PhpWiki
Web applications /
CMS
Vendor: Marc-Etienne Vargenau
Description
The vulnerability allows a remote attacker to execute arbitrary OS commands on vulnerable system.
The vulnerability exists due to insufficient sanitization of filename extension in lib/plugin/UpLoad.php when uploading files via UpLoad feature. A remote attacker can use php3 extension to bypass implemented protection mechanism, upload and execute malicious PHP file on vulnerable system.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary OS commands vulnerable system with privileges of the web server account.
Note: this vulnerability is being actively exploited.
Mitigation
Install update from vendor's website.
Vulnerable software versions
PhpWiki: 1.3.11p1
External links
http://www.securityfocus.com/archive/1/archive/1/465550/100/0/threaded
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
