9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-16974

GHSA ID

GHSA-77j2-7whr-6vpx

EPSS Score

0.50087%

CWE

CWE-434

Published

5/14/2022

Updated

7/25/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-16974

CVE-2018-16974:
Elefant CMS Code Execution Vulnerability

An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).

(GitHub Advisory)

9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-16974

GHSA ID

GHSA-77j2-7whr-6vpx

EPSS Score

0.50087%

CWE

CWE-434

Published

5/14/2022

Updated

7/25/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
elefant/cms	composer	< 2.0.7	2.0.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

post_rm in API.php allowed critical .htaccess deletion due to insufficient input validation (no trimming/whitelisting).
upload/drop.php's filename validation used urldecode() without trim(), letting attackers bypass .php blacklist with trailing spaces.
FileManager::verify_file_name's regex didn't account for space-based extension hiding or protect .htaccess files. The commit diff shows these were all addressed by adding trim() calls and expanding blacklist patterns.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in *l***nt *MS ***or* *.*.*. T**r* is * P*P *o** *x**ution Vuln*r**ility in `*pps/*il*m*n***r/uplo**/*rop.p*p` *y usin* `/*il*m*n***r/*pi/rm/.*t****ss` to r*mov* t** .*t****ss *il*, *n* t**n usin* * *il*n*m* t**t *n*s in .p*p

Reasoning

*. post_rm in *PI.p*p *llow** *riti**l .*t****ss **l*tion *u* to insu**i*i*nt input v*li**tion (no trimmin*/w*it*listin*). *. uplo**/*rop.p*p's *il*n*m* v*li**tion us** url***o**() wit*out trim(), l*ttin* *tt**k*rs *yp*ss .p*p *l**klist wit* tr*ilin*

9.8

Basic Information

Concerned about an active attack path?

CVE-2018-16974: Elefant CMS Code Execution Vulnerability

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-16974:
Elefant CMS Code Execution Vulnerability

Vulnerability Intelligence
Miggo AI