
CVE-2020-21489: Liufee CMS File Upload vulnerability

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.77777%
Published: 6/20/2023
Updated: 11/8/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: feehi/cms
Ecosystem: composer
Vulnerable Versions: < 2.0.8.1
First Patched Version: 2.0.8.1

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from insufficient server-side validation during file uploads. The patch added 'beforeValidate()' methods that explicitly call UploadedFile::getInstance(), ensuring proper file handling. In vulnerable versions, the absence of these methods allowed attackers to bypass frontend restrictions. The Util::handleModelSingleFileUpload function saved files without validating their types, and the beforeSave methods in the User/Article models triggered this insecure handling. The combination of missing UploadedFile validation and the unrestricted Util function led to arbitrary file uploads.
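
The server-side pattern described above, shown as an added example for a Yii2 application. It is not code from feehi/cms or its patch, and the AvatarForm model, avatar attribute, store() method and extension allowlist are hypothetical.

```php
<?php
// Added example: hypothetical Yii2 model, not code from feehi/cms.
namespace app\models;

use Yii;
use yii\base\Model;
use yii\web\UploadedFile;

class AvatarForm extends Model
{
    /** @var UploadedFile|string|null */
    public $avatar;

    public function rules()
    {
        return [
            // Server-side allowlist: the extension must be listed AND agree
            // with the MIME type sniffed from the file content.
            [['avatar'], 'file',
                'skipOnEmpty' => true,
                'extensions' => ['png', 'jpg', 'jpeg', 'gif'],
                'checkExtensionByMimeType' => true,
                'maxSize' => 2 * 1024 * 1024,
            ],
        ];
    }

    public function beforeValidate()
    {
        // Bind the upload before the rules run, so the 'file' validator
        // inspects an UploadedFile rather than a client-posted string.
        $this->avatar = UploadedFile::getInstance($this, 'avatar');
        return parent::beforeValidate();
    }

    /** Returns the stored path, or null if nothing was uploaded or validation failed. */
    public function store($dir)
    {
        if (!$this->validate() || !$this->avatar instanceof UploadedFile) {
            return null;
        }
        // Server-chosen file name; only the validated extension is reused.
        $name = Yii::$app->security->generateRandomString(32)
            . '.' . strtolower($this->avatar->extension);
        $path = rtrim($dir, '/') . '/' . $name;
        return $this->avatar->saveAs($path) ? $path : null;
    }
}
```

Nothing is written to disk unless validate() passes, so a save helper called from beforeSave never sees a file that skipped the type check.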
