A vulnerability was found in Montala Limited ResourceSpace up to 7.2.6726 and classified as critical. Affected by this issue is some unknown functionality of the file pages/setup.php. The manipulation of the argument defaultlanguage with an unknown input leads to a path traversal vulnerability. Using CWE to declare the problem leads to CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.

The weakness was disclosed 06/09/2015 with High-Tech Bridge Security Research Lab (Website). The advisory is shared for download at htbridge.com. This vulnerability is handled as CVE-2015-3648 since 05/06/2015. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1006.

By approaching the search of inurl:pages/setup.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 7.2.6727 eliminates this vulnerability.

Productinfo

Vendor

• Montala

Name

• Limited ResourceSpace

Version

• 7.2.6726

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion