3 matches found
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
CVE-2018-20159
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a ".zip" file...
CVE-2018-20159
The CVE-2018-20159 entry concerns i-doit open 1.11.2. Affected component: the web upload functionality in /admin/?req=modules&action=add, which accepts ZIP archives. Root cause: ZIP handling mishandling allows an authenticated user with administrator role to upload arbitrary files to the main web...