
CVE-2018-15601: Elefant CMS Improper Input Validation

CVSS Score: 9.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.61972%
Published: 5/14/2022
Updated: 7/25/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: elefant/cms
Ecosystem: composer
Vulnerable Versions: <= 2.0.3
First Patched Version: 2.0.4

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from procedural code flow in `apps/filemanager/handlers/upload/drop.php` rather than a specific named function. The improper validation occurs because the file extension check (via `preg_match`) is performed on `$_FILES['file']['name']` before `urldecode()` is applied to the filename. This allows attackers to bypass executable file restrictions using URL-encoded filenames. While the code block containing `preg_match('/.(php5?|phtml|js|rb|py|pl|sh|bash|exe)$/i')` is critical to the vulnerability, it is not encapsulated in a discrete named function but exists in the main script execution path.
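The ordering problem described above, as an added example that is not Elefant CMS code: one function validates the raw name and then decodes it, the other decodes first and validates the exact string that would be stored. The function names, the decode-until-stable loop and the sample filenames are assumptions made for illustration.

```php
<?php
// Added example, not project code. Function names are hypothetical.
// The deny-list uses the extensions named in the analysis above.
const BLOCKED_EXT = '/\.(php5?|phtml|js|rb|py|pl|sh|bash|exe)$/i';

// Flawed order: the check sees the raw name, but the decoded name is stored.
function stored_name_check_then_decode(string $raw): ?string
{
    if (preg_match(BLOCKED_EXT, $raw)) {
        return null;                  // rejected
    }
    return urldecode($raw);           // name changes after validation
}

// Corrected order: decode until stable, reduce to a basename,
// then validate the string that will actually be written to disk.
function stored_name_decode_then_check(string $raw): ?string
{
    $name = $raw;
    for ($i = 0; $i < 5; $i++) {      // bounded loop for nested encoding
        $next = urldecode($name);
        if ($next === $name) {
            break;
        }
        $name = $next;
    }
    if (urldecode($name) !== $name) {
        return null;                  // still encoded after the cap: reject
    }
    $name = basename(str_replace('\\', '/', $name));
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;                  // empty name or embedded NUL byte
    }
    if (preg_match(BLOCKED_EXT, $name)) {
        return null;                  // blocked extension on the final name
    }
    return $name;
}

// Constructed regression inputs (not taken from the advisory).
$samples = ['photo.jpg', 'notes.php', 'notes%2Ephp', 'notes%252Ephp'];
foreach ($samples as $raw) {
    printf("%-16s flawed=%-14s fixed=%s\n", $raw,
        var_export(stored_name_check_then_decode($raw), true),
        var_export(stored_name_decode_then_check($raw), true));
}
```

For the two encoded samples the flawed function returns a usable name while the corrected one returns `NULL`, which makes these inputs suitable as regression tests for an upload handler.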
