[Japanese]

JVNDB-2018-000080

Movable Type plugin MTAppjQuery vulnerable to PHP code execution

Overview

MTAppjQuery provided by bit part LLC is a plugin for Movable Type. An older version PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions and the older versions of Uploadify contains unrestricted upload of arbitrary file (CWE-434), which may lead to arbitrary PHP code execution if MTAppjQuery is used.

ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.3 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


bit part LLC.
  • MTAppjQuery 1.8.1 and earlier

Impact

A remote attacker may execute arbitrary PHP code on the server.
Solution

[Update MTAppjQuery]
Update to the latest version according to the information provided by the developer.
According to the developer, delete the Uplodify directory manually if the latest update cannot be applied.
Vendor Information

bit part LLC.
CWE (What is CWE?)

  1. Code Injection(CWE-94) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2018-0645
References

  1. JVN : JVN#62423700
  2. National Vulnerability Database (NVD) : CVE-2018-0645
  3. Sucuri : Uploadify, Uploadify and Uploadify - The New TimThumb?
Revision History

  • [2018/07/18]
      Web page was published
  • [2019/07/26]
      References : Content was added

Date Public2018/07/18
Date First Published2018/07/18
Date Last Updated2019/07/26