admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-12-15 00:10:05 -05:00
parent 86145621b8
commit 7f6e3e4d06
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
2018/20xxx/CVE-2018-20159.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a \".php\" file within a \".zip\" file because a ZIP archive is accepted by /admin/?req=modules&action=add as a plugin, and extracted to the main directory. In order for the \".zip\" file to be accepted, it must also contain a package.json file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45957",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45957"
},
{
"name" : "https://pentest.com.tr/exploits/i-doit-CMDB-1-11-2-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "https://pentest.com.tr/exploits/i-doit-CMDB-1-11-2-Remote-Code-Execution.html"
}
]
}
}