Multiple Remote File Inclusions on Pligg CMS version 1.2.2

Dognædis Ref.: DGS-SEC-10

CVE Ref: CVE-2013-2281

Release Date: 2013/03/01

Discover Credits: CodeV - Code Analyzer

Bulletin Author(s): Rocha -CodeV Team

Contact: [email protected]

Type: Remote File Inclusion

Level: Very High (Low/High/Critical)

CVSS: 4.3 (Av:N/AC:M/Au:S/C:P/I:P/A:P)

Vulnerable Application: Pligg CMS (ver. 1.2.2)

Overview:
Pligg was created as a social networking CMS. While most content management systems are designed for only a handful of authors, Pligg CMS was designed to manage a site with an unlimited number of authors. All of these registered users are in control of the website's content. It is a user driven CMS that relies on independent authors' content and participation to manage news articles.

Scope:

Description:
This vulnerability allows an attacker to upload non expected content, for instance a php file, that will be executed while loading the file.

Impact:
Generally, by exploiting this kind of vulnerability, it might be possible to achieve possible attack vectors to various kinds of attacks such as:
- Code execution on the web server
- Code execution on the client
- Denial of Service

Resolution:
Validation of uploaded files by the user should not be made through the headers of the POST request, but by the contents itself.

Official Solution:
At the moment, there is no official solution for the reported vulnerabilities.

External References:
http://en.wikipedia.org/wiki/Remote_file_inclusion
https://www.owasp.org/index.php/PHP_File_Inclusion

Download the Vulnerability Report (PDF)