
CVE-2019-14315: SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.4103%
Published: 5/24/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name        Ecosystem   Vulnerable Versions   First Patched Version
sunhater/kcfinder   composer    <= 3.20-test2         (none listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper handling of the CKEditorFuncNum parameter in upload.php. Analysis of the GitHub issue #180 and PR #186 shows the XSS occurs because:

  1. The $_GET['CKEditorFuncNum'] parameter is stored without sanitization in uploader.php.
  2. This value is later used in a JavaScript context when the response is generated.
  3. The fix added htmlentities() and character filtering for this parameter.
  4. The vulnerable code path starts in the uploader class constructor, where the parameter is first processed, making that constructor the root vulnerable function.
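
The pattern described in steps 1-3, as an added example that is not KCFinder's own code: the unfiltered callback response beside a hardened version that applies the digit-only character filtering and htmlentities() from the fix. The function names and the exact shape of the CKEditor callback response are assumptions.

```php
<?php
// Added example, not KCFinder's own code. Function names and the exact
// shape of the CKEditor callback response are assumptions.

// Vulnerable pattern (steps 1-2 above): the raw CKEditorFuncNum query
// parameter is concatenated straight into a JavaScript context, so any
// non-numeric characters the client sends become part of the script.
function buildCallbackUnsafe(array $get, string $url): string
{
    $funcNum = $get['CKEditorFuncNum'] ?? '';
    return "<script>window.parent.CKEDITOR.tools.callFunction("
        . $funcNum . ", '" . $url . "');</script>";
}

// Hardened (step 3): CKEditorFuncNum is a numeric callback index, so keep
// only digits. htmlentities() is applied as well, mirroring the described
// fix; note that inside a <script> block entities are not decoded, so the
// digit whitelist is the control that actually closes the JS injection.
function sanitizeFuncNum(string $raw): string
{
    $digitsOnly = preg_replace('/[^0-9]/', '', $raw);
    return htmlentities($digitsOnly, ENT_QUOTES, 'UTF-8');
}

function buildCallbackSafe(array $get, string $url): string
{
    // A query parameter may also arrive as an array (CKEditorFuncNum[]=...);
    // treat anything that is not a plain string as absent.
    $raw = $get['CKEditorFuncNum'] ?? '';
    $funcNum = sanitizeFuncNum(is_string($raw) ? $raw : '');
    if ($funcNum === '') {
        $funcNum = '0'; // no usable callback index: fall back to 0
    }
    // The URL goes into a JS string literal, so use a JS-aware encoder;
    // the HEX flags keep '<', '>', quotes and '&' from ending the block.
    $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS
                                | JSON_HEX_QUOT | JSON_HEX_AMP);
    return "<script>window.parent.CKEDITOR.tools.callFunction("
        . $funcNum . ", " . $jsUrl . ");</script>";
}

// Constructed requests: a normal value and one carrying markup.
$normal   = ['CKEditorFuncNum' => '12'];
$tampered = ['CKEditorFuncNum' => '12<b>x</b>'];
echo buildCallbackSafe($normal, '/upload/file.png'), PHP_EOL;
echo buildCallbackSafe($tampered, '/upload/file.png'), PHP_EOL;
// The tampered request is reduced to its digits before being embedded,
// whereas buildCallbackUnsafe() would have emitted the markup verbatim.
```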


WAF Protection Rules

WAF Rule

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder [version numbers masked on the page] and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter.
