Vulnerability identifier: #VU23684
Vulnerability risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software: Backdrop CMS (Web applications / CMS)
Vendor: Backdrop CMS
Description
The vulnerability allows a remote attacker to compromise the affected website.
The vulnerability exists due to insufficient validation of user-supplied archives. A remote authenticated user can upload a specially crafted archive and execute arbitrary code on the server.
This issue is mitigated by the fact that the attacker would be required to have the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given.
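The defence the description calls for is validation of every archive entry before anything is written to disk. The following is an added illustration, not Backdrop's own import code; it assumes the import format is a tar archive of flat .json configuration files (an assumption here) and rejects entries that would escape the import directory, that are not regular files, or that are not configuration files.

```python
import io
import posixpath
import tarfile


def archive_violations(data: bytes) -> list[str]:
    """Return the reasons an uploaded config archive must be rejected.

    An empty list means every member is a flat, regular .json file that
    stays inside the import directory. Nothing is extracted here.
    """
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            norm = posixpath.normpath(m.name)
            # Absolute paths or ".." components would land outside the import dir.
            if m.name.startswith("/") or norm == ".." or norm.startswith("../"):
                problems.append(f"{m.name}: path escapes the import directory")
            # Symlinks, hard links, devices and directories are never config.
            elif not m.isfile():
                problems.append(f"{m.name}: not a regular file")
            # Only top-level .json files are valid configuration entries (assumed format).
            elif "/" in norm or not norm.endswith(".json"):
                problems.append(f"{m.name}: only flat .json config files are accepted")
    return problems


def build_archive(entries) -> bytes:
    """Build an in-memory tar.gz from (name, content, linkname) tuples.

    Constructed test data only; linkname != None produces a symlink member.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content, linkname in entries:
            info = tarfile.TarInfo(name)
            if linkname:
                info.type, info.linkname = tarfile.SYMTYPE, linkname
                tar.addfile(info)
            else:
                info.size = len(content)
                tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    ok = build_archive([("system.core.json", b"{}", None)])
    bad = build_archive([("../../index.php", b"", None),
                         ("not-config.txt", b"x", None),
                         ("link.json", b"", "/etc/passwd")])
    print(archive_violations(ok))   # []
    print(archive_violations(bad))  # three rejection reasons
```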
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Backdrop CMS: 1.14.0 - 1.14.1, 1.13.0 - 1.13.4
External links
http://backdropcms.org/security/backdrop-sa-core-2019-016
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.