#VU35981 Arbitrary file upload in CuteNews - CVE-2019-11447
Published: April 22, 2019 / Updated: October 18, 2021
Vulnerability identifier: #VU35981
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2019-11447
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
CuteNews
CuteNews
Software vendor:
CutePHP Team
CutePHP Team
Description
The vulnerability allows a remote authenticated user to execute arbitrary code.
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Remediation
Install update from vendor's website.