CPE matches: cpe:2.3:a:bagesoft:bagecms:*:*:*:*:*:*:*:* && versionEndIncluding=3.1.4
Description
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
Damage
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
Attack conditions
- The attack can be carried out remotely over the network but requires the attacker to have administrative privileges.
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'):
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CPE matches: cpe:2.3:a:bagesoft:bagecms:3.1.3:*:*:*:*:*:*:*
Description
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
Damage
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
Attack conditions
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- Human user interaction is required for the attack.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-352, Cross-Site Request Forgery (CSRF):
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CPE matches: cpe:2.3:a:bagesoft:bagecms:3.1.3:*:*:*:*:*:*:*
Description
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
Damage
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
Attack conditions
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- Human user interaction is required for the attack.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-352, Cross-Site Request Forgery (CSRF):
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CPE matches: cpe:2.3:a:bagesoft:bagecms:3.1.3:*:*:*:*:*:*:*
Description
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
Damage
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
Attack conditions
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-94, Improper Control of Generation of Code ('Code Injection'):
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CPE matches: cpe:2.3:a:bagesoft:bagecms:3.1.3:*:*:*:*:*:*:*
Description
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.
Damage
- Complete loss of protection.
Attack conditions
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (CVSSv3)
Type of bug(s)
- CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'):
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CPE matches: cpe:2.3:a:bagesoft:bagecms:3.1.3:*:*:*:*:*:*:*
Description
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
Damage
- Complete loss of protection.
- Access to all information.
- Full Denial Of Service (DoS).
Attack conditions
- The attack can be carried out remotely over the network by anyone (requires no authentication).
- Human user interaction is required for the attack.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-352, Cross-Site Request Forgery (CSRF):
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
References