CVE-2019-7718 in MetInfo
Summary
by MITRE
An issue was discovered in Metinfo 6.x. An attacker can leverage a race condition in the backend database backup function to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=<?php and admin/databack/bakup_tables.php?2=file_put_contents URIs because app/system/databack/admin/index.class.php creates bakup_tables.php temporarily.
Analysis
by VulDB Data Team • 07/09/2023
CVE-2019-7718 is a critical race condition flaw in the MetInfo 6.x content management system that allows remote code execution through improper handling of database backup operations. The vulnerability exists in the administrative backend, where the system creates temporary backup files without adequate synchronization mechanisms, creating a window of opportunity for malicious exploitation. The flaw specifically manifests in the database backup module, where the application generates temporary files in a manner that can be manipulated by unauthorized users.
The technical implementation of this vulnerability stems from the insecure creation of temporary files in the app/system/databack/admin/index.class.php component. When an administrator accesses the database backup functionality through the URI paths mentioned in the vulnerability description, the system creates a temporary file named bakup_tables.php in a predictable location. This temporary file creation process lacks proper access controls and file system permissions checks, allowing attackers to inject malicious PHP code into the backup process. The race condition occurs because the temporary file is created and then immediately accessible to attackers who can manipulate the file content before or during the backup operation.
The operational impact of this vulnerability is severe as it provides attackers with arbitrary code execution capabilities within the context of the web application. Once exploited, an attacker can execute PHP code on the server hosting the Metinfo application, potentially leading to complete system compromise. The vulnerability affects the administrative interface specifically, meaning that successful exploitation would require an attacker to already have administrative credentials or to gain access through other means. However, the race condition aspect makes this attack relatively straightforward to execute once the attacker has access to the vulnerable administrative endpoints.
The vulnerability aligns with CWE-367, which describes Time-of-Check to Time-of-Use (TOCTOU) race conditions, and represents a classic example of insecure temporary file handling in web applications. From an attack perspective, this vulnerability maps to multiple ATT&CK techniques including T1059.007 for PHP execution and T1078 for valid accounts usage. The attack vector requires HTTP access to specific administrative endpoints and involves manipulating temporary file creation processes to inject malicious code that will be executed during the backup operation. The lack of proper input validation and file system permission controls makes this vulnerability particularly dangerous as it can be exploited without requiring complex attack chains or additional reconnaissance.
Mitigation strategies for CVE-2019-7718 should focus on immediate patching of the MetInfo 6.x application to address the race condition in temporary file handling. Organizations should implement access controls and authentication mechanisms that ensure only authorized administrators can reach the database backup functionality. Additionally, correct file system permissions, secure temporary file creation methods that use atomic operations, and regular security audits of web application components can help prevent similar vulnerabilities. Network segmentation and monitoring of administrative access patterns can also provide early detection of potential exploitation attempts. The vulnerability highlights the importance of proper synchronization mechanisms in concurrent systems and the need for secure temporary file handling practices as outlined in the OWASP Top 10 security guidelines.
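The monitoring mentioned above can be sketched as a scan of web-server access logs for the two URIs named in the summary; this is an added example, not part of the original analysis or of MetInfo. It assumes combined log format, and the log lines, IP addresses, table name and the function names `classify` and `scan` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2019:10:00:01 +0000] "GET /admin/index.php?n=databack&c=index&a=dogetsql&tables=%3C%3Fphp HTTP/1.1" 200 512
203.0.113.7 - - [10/Feb/2019:10:00:01 +0000] "GET /admin/databack/bakup_tables.php?2=file_put_contents HTTP/1.1" 404 196
203.0.113.7 - - [10/Feb/2019:10:00:01 +0000] "GET /admin/databack/bakup_tables.php?2=file_put_contents HTTP/1.1" 200 0
198.51.100.4 - - [10/Feb/2019:10:05:00 +0000] "GET /admin/index.php?n=databack&c=index&a=dogetsql&tables=example_table HTTP/1.1" 200 2048
198.51.100.4 - - [10/Feb/2019:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, status, tag) for a suspicious backup-endpoint request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, status = m.groups()
    url = urlsplit(target)
    qs = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes values
    # The temporary file is internal to the backup job; any client request is a signal.
    if url.path.endswith("/admin/databack/bakup_tables.php"):
        return ip, int(status), "temp_file_request"
    # A table list never legitimately contains a PHP open tag.
    if url.path.endswith("/admin/index.php") and qs.get("a") == ["dogetsql"]:
        if any("<?" in v for v in qs.get("tables", [])):
            return ip, int(status), "php_tag_in_tables"
    return None

def scan(log_text):
    """Group findings per source IP; 'served' means the temp file returned 200."""
    report = defaultdict(lambda: {"php_tag_in_tables": 0, "temp_file_request": 0, "served": False})
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            ip, status, tag = hit
            report[ip][tag] += 1
            if tag == "temp_file_request" and status == 200:
                report[ip]["served"] = True
    return dict(report)

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG).items():
        print(ip, findings)
```

A source IP showing both tags, with `served` set, means the temporary file was reachable while it existed and warrants incident response rather than just an alert.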