Vulnerabilites related to flexdotnetcms_project - flexdotnetcms
Vulnerability from fkie_nvd
Published
2020-11-12 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexdotnetcms_project | flexdotnetcms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A001B50-2AB2-41AF-ADAD-124BDD526B7E",
"versionEndExcluding": "1.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager\u0027s rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /\u003cpath_to_file\u003e."
},
{
"lang": "es",
"value": "Un problema de carga de archivos sin restricciones en FlexDotnetCMS versiones anteriores a v1.5.9, permite a un atacante remoto autenticado cargar y ejecutar archivos arbitrarios utilizando FileManager para cargar c\u00f3digo malicioso (por ejemplo, c\u00f3digo ASP) en forma de un tipo de archivo seguro (por ejemplo, un archivo TXT), y luego usar FileEditor (en versiones v1.5.8 y anteriores) o la funci\u00f3n de cambio de nombre del FileManager (en versiones v1.5.7 y anteriores) para cambiar el nombre del archivo a una extensi\u00f3n ejecutable (por ejemplo, ASP), y finalmente ejecutar el archivo por medio de una petici\u00f3n HTTP GET hacia /(path_to_file)"
}
],
"id": "CVE-2020-27386",
"lastModified": "2024-11-21T05:21:08.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T19:15:15.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14339"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-12 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.vonahi.io/whats-in-a-re-name/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.vonahi.io/whats-in-a-re-name/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11 | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| flexdotnetcms_project | flexdotnetcms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flexdotnetcms_project:flexdotnetcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0090F7-7399-49B8-9CC8-D1B29F405F62",
"versionEndExcluding": "1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\\..\\..\\..\\..\\\u003cfile\u003e in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\\\u003cfile\u003e). The files can then be edited via the FileEditor."
},
{
"lang": "es",
"value": "Un Control de Acceso Incorrecto en FileEditor (/Admin/Views/FileEditor/) en FlexDotnetCMS versiones anteriores a v1.5.11, permite a un atacante remoto autenticado leer y escribir en archivos existentes fuera de la web root.\u0026#xa0;Los archivos pueden ser accedidos por medio de un salto de directorio, es decir, ingresando una ruta .. (punto punto) como ..\\..\\..\\..\\..\\(file) en el campo de entrada del FileEditor.\u0026#xa0;En FlexDotnetCMS versiones anteriores a v1.5.8, tambi\u00e9n es posible acceder a los archivos especificando la ruta completa (por ejemplo, C:\\(archivo)).\u0026#xa0;Luego, los archivos pueden luego ser editados por medio del FileEditor"
}
],
"id": "CVE-2020-27385",
"lastModified": "2024-11-21T05:21:08.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-12T19:15:15.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-27386
Vulnerability from cvelistv5
Published
2020-11-12 18:15
Modified
2024-08-04 16:11
Severity ?
EPSS score ?
Summary
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9 | x_refsource_MISC | |
| https://blog.vonahi.io/whats-in-a-re-name/ | x_refsource_MISC | |
| https://github.com/rapid7/metasploit-framework/pull/14339 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14339"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager\u0027s rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /\u003cpath_to_file\u003e."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-08T18:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14339"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager\u0027s rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /\u003cpath_to_file\u003e."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9",
"refsource": "MISC",
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.9"
},
{
"name": "https://blog.vonahi.io/whats-in-a-re-name/",
"refsource": "MISC",
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14339",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/14339"
},
{
"name": "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160411/FlexDotnetCMS-1.5.8-Arbitrary-ASP-File-Upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27386",
"datePublished": "2020-11-12T18:15:14",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27385
Vulnerability from cvelistv5
Published
2020-11-12 18:24
Modified
2024-08-04 16:11
Severity ?
EPSS score ?
Summary
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11 | x_refsource_MISC | |
| https://blog.vonahi.io/whats-in-a-re-name/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\\..\\..\\..\\..\\\u003cfile\u003e in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\\\u003cfile\u003e). The files can then be edited via the FileEditor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-12T18:24:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\\..\\..\\..\\..\\\u003cfile\u003e in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\\\u003cfile\u003e). The files can then be edited via the FileEditor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11",
"refsource": "MISC",
"url": "https://github.com/MacdonaldRobinson/FlexDotnetCMS/releases/tag/v1.5.11"
},
{
"name": "https://blog.vonahi.io/whats-in-a-re-name/",
"refsource": "MISC",
"url": "https://blog.vonahi.io/whats-in-a-re-name/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27385",
"datePublished": "2020-11-12T18:24:06",
"dateReserved": "2020-10-21T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}