Foswiki up to 1.1.7 Maketext Macro Code Injection privilege escalation
| CVSS Meta Temp Score | Current Exploit Price (β) |
|---|---|
| 7.0 | $0-$5k |
A vulnerability, which was classified as critical, was found in Foswiki up to 1.1.7 (Content Management System). Affected is an unknown code block of the component Maketext Macro. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Injection). CWE is classifying the issue as CWE-94. This is going to have an impact on confidentiality, integrity, and availability.
The bug was discovered 02/19/2013. The weakness was released 11/01/2019. The advisory is available at foswiki.org. This vulnerability is traded as CVE-2013-1666 since 02/13/2013. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.
The vulnerability scanner Nessus provides a plugin with the ID 65059 (Foswiki CGI abuses and running in the context remote.
Upgrading to version 1.1.8 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at SecurityFocus (BID 58026) and Tenable (65059).
Type
Name
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: π
VulDB Reliability: π
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| π | π | π | π | π | π |
| π | π | π | π | π | π |
| π | π | π | π | π | π |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Privilege escalation / Code Injection (CWE-94)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 65059
Nessus Name: Foswiki Nessus File: π
Nessus Risk: π
Nessus Family: π
Nessus Context: π
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: Foswiki 1.1.8
02/13/2013 CVE assigned
02/18/2013 Countermeasure disclosed
02/19/2013 Vulnerability found
03/06/2013 Nessus plugin released
11/01/2019 Advisory disclosed
11/02/2019 VulDB entry created
11/02/2019 VulDB last updateAdvisory: foswiki.org
CVE: CVE-2013-1666 (π)
SecurityFocus: 58026
OSVDB: 90345
Created: 11/02/2019 04:26 PM
Complete: π
Comments
Download it now for free!
https://vuldb.com/?id.144786
Comments are closed.
No comments yet. Please log in to comment.