•  
      request #10159 OS command injection through the SyntaxHighlighter plugin of PHPWiki
    Infos
    #10159
    Thomas Gerbet (tgerbet)
    2017-04-28 23:21
    2017-04-19 11:57
    10351
    Details
    OS command injection through the SyntaxHighlighter plugin of PHPWiki

    A command injection can be achieved by any user that can edit a PHPWiki page in a project.

    Impact

    An attacker could use this vulnerability to execute code on the server as the codendiadm user.
    CVSSv3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

    Exploitation

    Create a PHPWiki page and put something like <?plugin SyntaxHighlighter syntax=";id" a ?> in it.

    References

    The CVE ID CVE-2017-7981 has been attributed to this vulnerability.

    CWE-78

    Credit

    Thank you to Ben Nott (pajexali@gmail.com) to report and coordinate with us the disclosure of this vulnerability.

    Doc/Wiki
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2017-04-21
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2017-04-24 10:53
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2017-04-24 10:44
    • Summary
      -Remote code execution through the SyntaxHighlighter plugin of PHPWiki 
      +OS command injection through the SyntaxHighlighter plugin of PHPWiki 
    User avatar
    Thomas Gerbet (tgerbet)2017-04-21 14:32
    Add CVE ID.

    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2017-04-21 08:54
    Credit Ben Nott for the vulnerability finding and reporting.

    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes