CVE-2018-9919 Information
Description
A web-accessible backdoor with resultant SSRF exists in Tp-shop 2.0.5 through 2.0.8 which allows remote attackers to obtain sensitive information attack intranet hosts or possibly trigger remote command execution because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the \down_url\ URL into the \bddlj\ local file if the attacker knows the backdoor \jmmy\ parameter.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://seclists.org/fulldisclosure/2018/May/11
A
web-accessible
backdoor
with
resultant
SSRF
exists
in
Tp-shop
2.0.5
through
2.0.8
which
allows
remote
attackers
to
obtain
sensitive
information
attack
intranet
hosts
or
possibly
trigger
remote
command
execution
because
/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php
writes
data
from
the
\down_url
URL
into
the
\bddlj
local
file
if
the
attacker
knows
the
backdoor
\jmmy
parameter.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: