{ "id": "CVE-2018-16636", "sourceIdentifier": "cve@mitre.org", "published": "2018-12-10T19:29:25.297", "lastModified": "2019-10-03T00:03:26.223", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter." }, { "lang": "es", "value": "Nucleus CMS 3.70 permite la inyecci\u00f3n de HTML mediante el par\u00e1metro body de index.php." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, 
"cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:nucleuscms:nucleus_cms:3.70:*:*:*:*:*:*:*", "matchCriteriaId": "46F233CA-7E3D-4C07-868D-962CB9D589D8" } ] } ] } ], "references": [ { "url": "https://github.com/NucleusCMS/NucleusCMS/issues/84", "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url": "https://github.com/security-breachlock/CVE-2018-16636/blob/master/nucleus_html.pdf", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] } ] }