CVE-2021-44664

{"id": "CVE-2021-44664", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-02-24T21:15:07.623", "references": [{"url": "http://packetstormsecurity.com/files/166182/Xerte-3.9-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/1672d6f46bbd6f6d42f0903ce9a313927ae2836b#diff-27433bb0be90e431d40986f9afebe9ee2f8d1025a7f9e55c3cd7a86f1f8e3fdc", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/6daeb81d089d4a561e22f931fff1327660a7d1b5", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://riklutz.nl/2021/11/03/authenticated-file-upload-to-remote-code-execution-in-xerte/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/166182/Xerte-3.9-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/1672d6f46bbd6f6d42f0903ce9a313927ae2836b#diff-27433bb0be90e431d40986f9afebe9ee2f8d1025a7f9e55c3cd7a86f1f8e3fdc", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/thexerteproject/xerteonlinetoolkits/commit/6daeb81d089d4a561e22f931fff1327660a7d1b5", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://riklutz.nl/2021/11/03/authenticated-file-upload-to-remote-code-execution-in-xerte/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remoto Autenticado (RCE) en Xerte versiones hasta 3.9, en el archivo website_code/php/import/fileupload.php al subir un archivo PHP maliciosamente dise\u00f1ado mediante la interfaz del proyecto disfrazado como un archivo de lenguaje para omitir los filtros de subida. Los atacantes pueden manipular el destino de los archivos al abusar del salto de ruta en la variable \"mediapath\""}], "lastModified": "2024-11-21T06:31:20.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xerte:xerte:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D2AAB65-A809-4779-8476-15D5332073F9", "versionEndIncluding": "3.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}