oss-sec mailing list archives
Re: CVE request: XSS to RCE in PHP-Fusion 9
From: cve-assign () mitre org
Date: Sun, 29 Nov 2015 09:55:29 -0500 (EST)
I discovered a stored XSS vulnerability in PHP-Fusion 9
This breaks a trust boundary as a user with access to only the robots.txt editor can use this to escalate their privileges, read files or gain a reverse TCP shell on the server.
The robots.txt editor fails to sanitize the robots.txt file content as it loads the <textarea> content.
https://gist.github.com/bscarvell/57f82000bf823071404e
https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce791e2392d5a23a6d62ab65c481cdd6a66
Use CVE-2015-8375.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
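The flaw class described in the message above (file content loaded into a <textarea> without output encoding), shown beside a hardened form as an added example. This is not PHP-Fusion's code or its actual fix: the function names, the field name and the sample robots.txt body are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; names and markup are hypothetical, not PHP-Fusion code.

// Vulnerable pattern: stored file content is placed inside <textarea> verbatim,
// so any markup in the file is parsed by the browser of whoever opens the editor.
function render_editor_unsafe(string $content): string
{
    return '<textarea name="robots_content">' . $content . '</textarea>';
}

// Hardened pattern: HTML-encode on output so the content is always treated as text.
function render_editor_safe(string $content): string
{
    $encoded = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="robots_content">' . $encoded . '</textarea>';
}

// Regression check: between the opening tag and the final closing tag there
// must be no raw '<', otherwise the content can terminate the field early.
function textarea_is_contained(string $html): bool
{
    $start = strpos($html, '>') + 1;          // end of the opening tag
    $end   = strripos($html, '</textarea>');  // the real (last) closing tag
    return strpos(substr($html, $start, $end - $start), '<') === false;
}

// Constructed sample: a robots.txt body that carries markup.
$sample = "User-agent: *\nDisallow: /private/\n</textarea><script>alert(1)</script>";

var_dump(textarea_is_contained(render_editor_unsafe($sample)));
var_dump(textarea_is_contained(render_editor_safe($sample)));

// Round trip: the browser decodes the entities when the form is submitted,
// so encoding on output does not alter the file that gets saved.
$encoded = htmlspecialchars($sample, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
var_dump(htmlspecialchars_decode($encoded, ENT_QUOTES) === $sample);
```

The containment check is suitable as a unit test around any template that echoes file or database content into a form field.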
Current thread:
- CVE request: XSS to RCE in PHP-Fusion 9 Brendan Scarvell (Nov 27)
- Re: CVE request: XSS to RCE in PHP-Fusion 9 cve-assign (Nov 29)