CVE-2014-1631
published 2018-01-31CVE-2014-1631: Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
PriorityP258high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EXPLOIT
EPSS
9.47%
94.8th percentile
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eventum_project | eventum | < 2.3.5 | 2.3.5 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated GET/POST requests to /setup/index.php, which should not be publicly accessible after installation. ↗
- →Monitor for POST requests containing a 'hostname' parameter targeting /setup/index.php or /config/config.php, which may indicate an attempt to inject PHP code via the hostname field. ↗
- →Detect requests to /index.php with a 'cmd' query parameter, which is indicative of a successfully planted backdoor being executed. ↗
- ·The vulnerability affects Eventum versions up to and including 2.3.4; version 2.3.5 contains the fix. Detections should be scoped to unpatched deployments. ↗
- ·The attack is unauthenticated and network-accessible (AV:N/AC:L/Au:N), meaning no credentials or special network position are required to trigger the reinstallation vector. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Eventum 2.3.4 - 'hostname' Remote Code Execution
exploitdb·2014-01-28·CVSS 7.5
CVE-2014-1631 [HIGH] Eventum 2.3.4 - 'hostname' Remote Code Execution
Eventum 2.3.4 - 'hostname' Remote Code Execution
---
Advisory ID: HTB23198
Product: Eventum
Vendor: Eventum Development Team
Vulnerable Version(s): 2.3.4 and probably prior
Tested Version: 2.3.4
Advisory Publication: January 22, 2014 [without technical details]
Vendor Notification: January 22, 2014
Vendor Patch: January 24, 2014
Public Disclosure: January 27, 2014
Vulnerability Type: Incorrect Default Permissions [CWE-276], Code Injection [CWE-94]
CVE References: CVE-2014-1631, CVE-2014-1632
Risk Level: Critical
CVSSv2 Base Scores: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P), 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge Security Research La
Exploit-DB
Eventum - Insecure File Permissions
exploitdb·2014-01-27
CVE-2014-1631 Eventum - Insecure File Permissions
Eventum - Insecure File Permissions
---
source: https://www.securityfocus.com/bid/65186/info
Eventum is prone to an insecure file-permission vulnerability.
An attacker can exploit this issue to reinstall vulnerable application. This may aid in further attacks.
Eventum 2.3.4 is vulnerable; other versions may also be affected.
Following example URI is available.
http://www.example.com/setup/index.php
No writeups or analysis indexed.
http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666http://www.securityfocus.com/archive/1/530891/100/0/threadedhttps://bugs.launchpad.net/eventum/+bug/1271499https://www.htbridge.com/advisory/HTB23198http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666http://www.securityfocus.com/archive/1/530891/100/0/threadedhttps://bugs.launchpad.net/eventum/+bug/1271499https://www.htbridge.com/advisory/HTB23198
2018-01-31
Published