File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.
References
Link | Resource |
---|---|
https://github.com/ttimot24/HorizontCMS | Product |
https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-04-05 09:15
Updated : 2022-04-15 13:16
NVD link : CVE-2021-28428
Mitre link : CVE-2021-28428
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
horizontcms_project
- horizontcms