7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.026 Low
EPSS
Percentile
89.2%
High-Tech Bridge Security Research Lab discovered vulnerability in ResourceSpace, which can be exploited to include arbitrary local PHP file, execute PHP code, and compromise vulnerable web application and even entire web server on which the application is hosted.
The vulnerability exists due to the absence of filtration of the “defaultlanguage” HTTP GET parameter received from the user before including PHP file using the “include()” PHP function in “/pages/setup.php” script. The installation script “/pages/setup.php” remains on the system after installation by default and is remotely accessible to non-authenticated users.
A simple PoC below includes a local file “/tmp/file.php”:
http://[host]/pages/setup.php?defaultlanguage=…/…/…/…/…/tmp/file
CPE | Name | Operator | Version |
---|---|---|---|
resourcespace | le | 7.1.6513 |