CVE-2019-11021 - OpenCVE

admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schlix	Cms

Configuration 1 [-]

cpe:2.3:a:schlix:cms:2.1.8-7:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/
https://vuldb.com/?id.144129
https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021
https://www.schlix.com/html/schlix-cms-downloads.html
https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-24T15:26:25

Updated: 2024-08-04T22:40:16.048Z

Reserved: 2019-04-08T00:00:00

Link: CVE-2019-11021

Vulnrichment

Updated: 2024-08-04T22:40:16.048Z

NVD

Status : Modified

Published: 2019-10-24T16:15:20.047

Modified: 2024-08-04T23:15:36.023

Link: CVE-2019-11021

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-29T15:41:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.schlix.com/html/schlix-cms-downloads.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.144129"}, {"tags": ["x_refsource_MISC"], "url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11021", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.schlix.com/html/schlix-cms-downloads.html", "refsource": "MISC", "url": "https://www.schlix.com/html/schlix-cms-downloads.html"}, {"name": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", "refsource": "MISC", "url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/"}, {"name": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021", "refsource": "MISC", "url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021"}, {"name": "https://vuldb.com/?id.144129", "refsource": "MISC", "url": "https://vuldb.com/?id.144129"}, {"name": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html", "refsource": "MISC", "url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html"}]}}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-11021", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-26T20:30:31.660773Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:12:00.648Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.048Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.schlix.com/html/schlix-cms-downloads.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.144129"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11021", "datePublished": "2019-10-24T15:26:25", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:16.048Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.schlix.com/html/schlix-cms-downloads.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://vuldb.com/?id.144129", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:40:16.048Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-11021", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-26T20:30:31.660773Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-26T20:30:37.403Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.schlix.com/html/schlix-cms-downloads.html", "tags": ["x_refsource_MISC"]}, {"url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", "tags": ["x_refsource_MISC"]}, {"url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021", "tags": ["x_refsource_MISC"]}, {"url": "https://vuldb.com/?id.144129", "tags": ["x_refsource_MISC"]}, {"url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2019-10-29T15:41:12"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.schlix.com/html/schlix-cms-downloads.html", "name": "https://www.schlix.com/html/schlix-cms-downloads.html", "refsource": "MISC"}, {"url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", "name": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", "refsource": "MISC"}, {"url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021", "name": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021", "refsource": "MISC"}, {"url": "https://vuldb.com/?id.144129", "name": "https://vuldb.com/?id.144129", "refsource": "MISC"}, {"url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html", "name": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-11021", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2019-11021", "state": "PUBLISHED", "dateUpdated": "2024-08-04T22:40:16.048Z", "dateReserved": "2019-04-08T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-10-24T15:26:25", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schlix:cms:2.1.8-7:*:*:*:*:*:*:*", "matchCriteriaId": "9D0C8BAE-A63D-409B-9510-FACD22C16335", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: \"While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site."}, {"lang": "es", "value": "** EN DISPUTA ** El archivo admin/app/mediamanager en Schlix CMS versi\u00f3n 2.1.8-7, permite una carga de archivos sin restricciones autenticada, lo que conlleva a la ejecuci\u00f3n de c\u00f3digo remota. NOTA: \"Si bien, sin darse cuenta, permite que un archivo PHP se cargue a trav\u00e9s de Media Manager fue un descuido,aunque se requiere un permiso de administrador. Creemos que es bastante raro que un administrador explote un error en su propio sitio para tener su propio sitio \"."}], "id": "CVE-2019-11021", "lastModified": "2024-08-04T23:15:36.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-24T16:15:20.047", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/"}, {"source": "cve@mitre.org", "url": "https://vuldb.com/?id.144129"}, {"source": "cve@mitre.org", "url": "https://www.incibe-cert.es/en/early-warning/vulnerabilities/cve-2019-11021"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://www.schlix.com/html/schlix-cms-downloads.html"}, {"source": "cve@mitre.org", "url": "https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}