CVE-2018-1999022 - OpenCVE

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Civicrm	Civicrm
Html Quickform Project	Html Quickform

Configuration 1 [-]

cpe:2.3:a:html_quickform_project:html_quickform:3.2.14:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:civicrm:civicrm::::::::
	cpe:2.3:a:civicrm:civicrm:5.3.0:::::::*

No data.

References

Link	Providers
http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/
https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-23T16:00:00Z

Updated: 2024-09-16T16:38:06.455Z

Reserved: 2018-07-23T00:00:00Z

Link: CVE-2018-1999022

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-07-23T16:29:00.227

Modified: 2018-10-03T20:01:25.093

Link: CVE-2018-1999022

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-07-22T01:05:34.777936", "DATE_REQUESTED": "2018-07-19T23:25:02", "ID": "CVE-2018-1999022", "REQUESTER": "pear-group@php.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform", "refsource": "CONFIRM", "url": "https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform"}, {"name": "http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/", "refsource": "CONFIRM", "url": "http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:47:57.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1999022", "datePublished": "2018-07-23T16:00:00Z", "dateReserved": "2018-07-23T00:00:00Z", "dateUpdated": "2024-09-16T16:38:06.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:html_quickform_project:html_quickform:3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "C5A4A7B7-8F09-4184-A79F-FE0F84317590", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C4669FD-B258-4349-A36B-275C9341C245", "versionEndIncluding": "4.6.37", "vulnerable": true}, {"criteria": "cpe:2.3:a:civicrm:civicrm:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "318C73C8-B9B8-478C-8962-EE2883D97EF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15."}, {"lang": "es", "value": "PEAR HTML_QuickForm 3.2.14 contiene una vulnerabilidad de inyecci\u00f3n de eval (CWE-95) en el m\u00e9todo getSubmitValue de HTML_QuickForm el m\u00e9todo validate de HTML_QuickForm, el m\u00e9todo _setOptions de HTML_QuickForm_hierselect, el m\u00e9todo _findValue de HTML_QuickForm_element y en el m\u00e9todo _prepareValue de HTML_QuickForm_element que puede resultar en una posible divulgaci\u00f3n de informaci\u00f3n, un posible impacto en la integridad de los datos y en la ejecuci\u00f3n de c\u00f3digo arbitrario. Este ataque parece ser explotable empleando una cadena de consulta especialmente manipulada, por ejemplo: http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//mode=live. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 3.2.15."}], "id": "CVE-2018-1999022", "lastModified": "2018-10-03T20:01:25.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-23T16:29:00.227", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}