A vulnerability, which was classified as critical, has been found in Blue River Mura CMS up to 7.0 (Content Management System). This issue affects some unknown functionality of the component File Upload. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.

The bug was discovered 02/26/2018. The weakness was presented 02/26/2018 (Website). It is possible to read the advisory at bekhzod0725.github.io. The identification of this vulnerability is CVE-2018-7486 since 02/26/2018. The exploitation is known to be easy. The attack may be initiated remotely. A simple authentication is required for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

Upgrading to version 7.0.7029 eliminates this vulnerability.

See VDB-113841 for similar entry.

Productinfo

Type

• Content Management System

Vendor

• Blue River Mura

Name

• CMS

Version

• 7.0

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion