CVE-2017-9442 - OpenCVE

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bigtreecms	Bigtree Cms

Configuration 1 [-]

cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/bigtreecms/BigTree-CMS/issues/291

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-05T19:00:00Z

Updated: 2024-09-17T00:40:29.696Z

Reserved: 2017-06-05T00:00:00Z

Link: CVE-2017-9442

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-06-05T19:29:00.260

Modified: 2024-08-05T17:15:39.363

Link: CVE-2017-9442

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\unpack.php and core\\admin\\modules\\developer\\packages\\install\\unpack.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-05T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/bigtreecms/BigTree-CMS/issues/291"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9442", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\unpack.php and core\\admin\\modules\\developer\\packages\\install\\unpack.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bigtreecms/BigTree-CMS/issues/291", "refsource": "MISC", "url": "https://github.com/bigtreecms/BigTree-CMS/issues/291"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:11:01.148Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bigtreecms/BigTree-CMS/issues/291"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9442", "datePublished": "2017-06-05T19:00:00Z", "dateReserved": "2017-06-05T00:00:00Z", "dateUpdated": "2024-09-17T00:40:29.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF5ED7B4-C5CC-475B-8349-3F7979D7CE22", "versionEndIncluding": "4.2.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\\admin\\modules\\developer\\extensions\\install\\unpack.php and core\\admin\\modules\\developer\\packages\\install\\unpack.php. NOTE: the vendor states \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files."}, {"lang": "es", "value": "** EN DISPUTA ** BigTree CMS hasta versi\u00f3n 4.2.18, permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario al cargar un paquete especialmente dise\u00f1ado que contiene un shell web de PHP, relacionado con la extracci\u00f3n de un archivo ZIP en patrones de nombre de archivo como cache/package/xxx/yyy.php Este problema se presenta en los archivos core\\admin\\modules\\developer\\extensions\\install\\unpack.php y core\\admin\\modules\\developer\\packages\\install\\unpack.php. NOTA: el proveedor declara que \"You must implicitly trust any package or extension you install as they all have the ability to write PHP files.\""}], "id": "CVE-2017-9442", "lastModified": "2024-08-05T17:15:39.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-05T19:29:00.260", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bigtreecms/BigTree-CMS/issues/291"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}