•  
      request #10159 OS command injection through the SyntaxHighlighter plugin of PHPWiki
    Infos
    #10159
    Thomas Gerbet (tgerbet)
    2017-04-28 23:21
    2017-04-19 11:57
    9367
    Details
    OS command injection through the SyntaxHighlighter plugin of PHPWiki

    A command injection can be achieved by any user that can edit a PHPWiki page in a project.

    Impact

    An attacker could use this vulnerability to execute code on the server as the codendiadm user.
    CVSSv3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

    Exploitation

    Create a PHPWiki page and put something like <?plugin SyntaxHighlighter syntax=";id" a ?> in it.

    References

    The CVE ID CVE-2017-7981 has been attributed to this vulnerability.

    CWE-78

    Credit

    Thank you to Ben Nott (pajexali@gmail.com) to report and coordinate with us the disclosure of this vulnerability.

    Empty
    Doc/Wiki
    All
    Empty
    Empty
    Stage
    Empty
    Closed
    2017-04-21
    Attachments
    Empty
    References

    Follow-ups

    • User avatar
      Public disclosure.
    • User avatar
      • Original Submission
    • User avatar
      • Summary
        -Remote code execution through the SyntaxHighlighter plugin of PHPWiki 
        +OS command injection through the SyntaxHighlighter plugin of PHPWiki 
    • User avatar
      Add CVE ID.

      • Original Submission
    • User avatar
      Credit Ben Nott for the vulnerability finding and reporting.

      • Original Submission
    • User avatar
      • Status changed from Under review to Closed
      • Connected artifacts
      • Close date set to 2017-04-21
    • User avatar
      gerrit #8245 integrated into Tuleap 9.6.99.121
      gerrit #8243 integrated into Tuleap 9.6.99.122
    • User avatar
      gerrit #8244 integrated into Tuleap 9.6.99.119
    • User avatar
      Removal of plugins TexToPng and TeX2png: gerrit #8245.
    • User avatar
      Removal of plugins VisualWiki and GraphViz: gerrit #8244.
    • User avatar
      last edited by: Thomas Gerbet (tgerbet) 1 year ago
      A patch is under review: gerrit #8243.

      • Status changed from Under implementation to Under review