oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: XSS to RCE in PHP-Fusion 9

From: cve-assign () mitre org
Date: Sun, 29 Nov 2015 09:55:29 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I discovered a stored XSS vulnerability in PHP-Fusion 9



This breaks a trust boundary as a user with access to only the robots.txt
editor can use this to escalate their privileges, read files or gain a
reverse TCP shell on the server.



The robots.txt editor fails to sanitize the robots.txt file content as it
loads the <textarea> content.



https://gist.github.com/bscarvell/57f82000bf823071404e
https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce791e2392d5a23a6d62ab65c481cdd6a66


Use CVE-2015-8375.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWWxF1AAoJEL54rhJi8gl52OgP/03FYNypbRsa/2VSs+EM0AYn
2aQEPy+BXrmWiIs9Vcuj/ezzlifJaq7KyneXL+KptCvtYsUDFhIzsKgoJOmsitHR
l1rJlBeLd97RLjYydIBRgPN7jciP8Y1yMy92NFj+BtuCVVmShWSDm4aMsT5Tu6qD
PmDiaKublDrNeMrVKUKVel7PNLlqbBTVq9aDK+yWc1GW/q9mf9k2m9wOJibM0uOX
KaOXk7t5sJA74rq0xjagL4QMOgaTS5maGHXepaUNDUlJwU2+WH8cJgxgaeRnJkjI
6/vqZieX7/d+/8Yhcsxuuc8wCFA1lmMyqvna6HUobhEI1QD25FGKa7lgaCqD7uzF
042IAkOYSAgV0YLQgqudH/wK55iBHOCZqhvwW635kz6nEba2aYJuD34ejDytr9qj
lKrqjtB0dIM3fjwEfD+gdiTsOjUc8S/obde2LHZf1b4LjwVXfhXTcBLh8zR9yVWS
334Lc+qXdtBuHrkQ03e549jAhDTO5RzU47vvPLaPhyRNf7A9V1MtBvYhdR5/nGTr
2mYKZl+maFFgXuqaoDS2hbvLGC3ZRK54a+vrpvCk226rhyRYRLTLTFPwGBtO0+1a
37fA62qEhD5xlx6zhwvdCHoocQws2iJoPPvSbJJL2XjasR+lDcsrvavnemUgC3ty
KQd5Jont7rwsrdGid64B
=GKmD
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: