ID:9220 - Exploit for Arbitrary file upload in Subrion CMS - CVE-2018-19422

 

Published: August 3, 2023


Vulnerability identifier: #VU36393
Vulnerability risk: Medium
CVE-ID: CVE-2018-19422
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
Subrion CMS

Link to public exploit:


Vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these extensions.
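
The denylist gap described above can be audited mechanically. The following is an added example, not code from Subrion or from this database: it reads the deny rules from an `.htaccess` text and reports which PHP-handled extensions no rule covers. The two `.htaccess` samples are constructed for illustration, and the extension list is an assumption, since the real set depends on the server's handler configuration.

```python
import re

# Extensions that some Apache/PHP configurations hand to the PHP interpreter.
# Assumption: the real set depends on the server's handler configuration.
PHP_EXTENSIONS = ("php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar")

# Matches <FilesMatch "regex"> ... </FilesMatch>, capturing the regex and body.
_BLOCK = re.compile(
    r'<FilesMatch\s+"?(?P<pattern>[^">]+)"?\s*>(?P<body>.*?)</FilesMatch>',
    re.IGNORECASE | re.DOTALL,
)
# Apache 2.4 ("Require all denied") and 2.2 ("Deny from all") deny directives.
_DENY = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$",
                   re.IGNORECASE | re.MULTILINE)


def deny_patterns(htaccess_text):
    """Return compiled regexes of the FilesMatch blocks that deny access."""
    patterns = []
    for block in _BLOCK.finditer(htaccess_text):
        if _DENY.search(block.group("body")):
            patterns.append(re.compile(block.group("pattern")))
    return patterns


def uncovered_extensions(htaccess_text, extensions=PHP_EXTENSIONS):
    """List extensions for which a sample file name matches no deny rule."""
    rules = deny_patterns(htaccess_text)
    return [ext for ext in extensions
            if not any(rule.search("sample." + ext) for rule in rules)]


# Constructed denylist that enumerates extensions (not Subrion's actual file).
DENYLIST = r'''
<FilesMatch "\.(php|php3|php4|php5|php7|phtml)$">
    Require all denied
</FilesMatch>
'''

# Constructed hardened variant: one pattern covering the whole family.
HARDENED = r'''
<FilesMatch "(?i)\.ph(p[0-9]?|t|tml|ar)$">
    Require all denied
</FilesMatch>
'''

if __name__ == "__main__":
    print("denylist gaps:", uncovered_extensions(DENYLIST))
    print("hardened gaps:", uncovered_extensions(HARDENED))
```

A denylist only blocks what it names, so an upload directory is safer when script handling is disabled for it entirely or when uploads are restricted to an allowlist of expected extensions.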


Remediation

Install the update from the vendor's website.