Remote Code Execution Vulnerability in e107 CMS by e107 Inc.
CVE-2018-16388

7.2HIGH

Key Information:

Vendor: E107
Status: E107
Vendor: CVE Published:; 12 September 2018

What is CVE-2018-16388?

A vulnerability in e107 CMS version 2.1.8 permits remote attackers to execute arbitrary PHP code. This is achieved by uploading a file with a .php extension while the server wrongly validates the content type, allowing for the execution of potentially malicious scripts on the server. This flaw poses significant risks as it can lead to unauthorized access and control over the affected web application.

References

https://gist.github.com/ommadawn46/5cb22e7c66cc32a5c7734a...

x_refsource_MISC

https://github.com/e107inc/e107/commit/e5bb5297f68e56537c...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2018
Vulnerability Reserved
Sep 2, 2018

CVE-2018-16388 Data

JSON

E107

What is CVE-2018-16388?

References

CVSS V3.1

Timeline