Lucene search

[email protected]CVE-2018-12914

HistoryJun 27, 2018 - 6:29 p.m.

CVE-2018-12914

2018-06-2718:29:00

CWE-434

[email protected]

web.nvd.nist.gov

cve-2018-12914

publiccms

rce

zip archive

directory traversal

.jsp file

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, the attacker can execute arbitrary code by visiting a .jsp URI.

Affected configurations

NVD

Node

publiccmspubliccmsMatch4.0.20180210

CPENameOperatorVersion
publiccms:publiccmspubliccmseq4.0.20180210

CPE	Name	Operator	Version
publiccms:publiccms	publiccms	eq	4.0.20180210

References

github.com/sanluan/PublicCMS/issues/13

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2018-12914

nvd1 cvelist1 prion1