Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-16113: Bludit v3.9.2 Code Execution Vulnerability in "Upload function" · Issue #1081 · bludit/bludit

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a …/ pathname.

CVE
#vulnerability#git#php#rce

A Code Execution Vulnerability in Bludit v3.9.2

Hi,
For CVE ID,so I open a new issue,sorry about that.And I think you haven’t completely fixed the bug.

There is a new Code Execution Vulnerability which allow to get server permissions,the path is /bl-kernel/admin/ajax/upload-images.php

1, login with any account which allows you to edit conten

image

2.upload the evil jpg

We can specify the location of the uploaded file by changing the value of the uuid,then upload the evil picture to tmp folder
image
image

3.upload both the.htaccess file and the access target jpg

image
image

image
Successfully reverted to the target file

4. Access the evil file that are written through jpg

image

So I recommend checking the file before uploading it to temporary directory

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907