CVE-2018-15601: Elefant CMS Improper Input Validation
CVSS Score: 9.8 (version 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.61972%
CWE
Published: 5/14/2022
Updated: 7/25/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
elefant/cms | composer | <= 2.0.3 | 2.0.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from procedural code flow in apps/filemanager/handlers/upload/drop.php rather than a specific named function. The improper validation occurs because the file extension check (via preg_match) is performed on $_FILES['file']['name'] before urldecode() is applied to the filename. This allows attackers to bypass executable file restrictions using URL-encoded filenames. While the code block containing preg_match('/.(php5?|phtml|js|rb|py|pl|sh|bash|exe)$/i') is critical to the vulnerability, it is not encapsulated in a discrete named function but exists in the main script execution path.
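The ordering problem described above, shown as an added example beside a corrected ordering; this is not Elefant CMS code or its 2.0.4 patch. The function names and sample filenames are constructed for illustration, and the pattern reuses the extension list from the analysis with the leading dot escaped.

```php
<?php
// Added illustration; not Elefant CMS code. Function names are hypothetical.
// Extension list taken from the analysis above; the dot is escaped here.
const BLOCKED_EXT = '/\.(php5?|phtml|js|rb|py|pl|sh|bash|exe)$/i';

// Flawed order: the check sees the raw client-supplied name, but the name
// that is returned for storage is the decoded one.
function name_allowed_check_then_decode(string $raw): ?string
{
    if (preg_match(BLOCKED_EXT, $raw)) {
        return null;                       // rejected
    }
    return urldecode($raw);                // stored name was never validated
}

// Corrected order: decode until stable, normalise, then validate the exact
// string that will be written to disk.
function name_allowed_decode_then_check(string $raw): ?string
{
    $name = $raw;
    for ($i = 0; $i < 5; $i++) {           // bounded loop covers nested encoding
        $next = urldecode($name);
        if ($next === $name) {
            break;
        }
        $name = $next;
    }
    if (urldecode($name) !== $name) {
        return null;                       // still encoded after 5 rounds
    }
    $name = basename(str_replace('\\', '/', $name)); // drop any path part
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name)) {
        return null;                       // empty or control characters
    }
    if (preg_match(BLOCKED_EXT, $name)) {
        return null;                       // blocked extension after decoding
    }
    return $name;
}

// Constructed sample names (not taken from any real request).
foreach (['notes.txt', 'notes.php', 'notes.ph%70', 'notes.ph%2570'] as $n) {
    printf("%-14s check-then-decode=%-12s decode-then-check=%s\n", $n,
        var_export(name_allowed_check_then_decode($n), true),
        var_export(name_allowed_decode_then_check($n), true));
}
```

A deny-list of extensions remains fragile even with the corrected ordering; validating against an allow-list of expected extensions and storing uploads outside any directory the web server executes from are the stronger controls.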