CVE-2018-7665
published 2018-03-05CVE-2018-7665: An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or…
PriorityP267critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
16.41%
96.6th percentile
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clip-bucket | clipbucket | <= 4.0.0 | — |
| elfutils_project | elfutils | >= 0 < 0.176-1.1ubuntu0.1 | 0.176-1.1ubuntu0.1 |
| elfutils_project | elfutils | >= 0 < 0.158-0ubuntu5.3+esm1 | 0.158-0ubuntu5.3+esm1 |
| elfutils_project | elfutils | >= 0 < 0.165-3ubuntu1.2+esm1 | 0.165-3ubuntu1.2+esm1 |
| elfutils_project | elfutils | >= 0 < 0.170-0.4ubuntu0.1+esm1 | 0.170-0.4ubuntu0.1+esm1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated POST requests to /actions/beats_uploader.php, /actions/photo_uploader.php, or /edit_account.php containing file upload payloads (e.g., PHP webshells) — no valid session cookie is required by the vulnerable endpoint. ↗
- →Alert on file uploads via the `name` parameter to beats_uploader.php or photo_uploader.php, and the `coverPhoto` parameter to edit_account.php, especially where the uploaded file has a script extension (e.g., .php). ↗
- →Flag subsequent HTTP requests to the upload destination path that result in OS command execution, indicating a successfully uploaded webshell being invoked. ↗
- ·The vulnerability affects ClipBucket versions strictly before 4.0.0 Release 4902; detections should be scoped to environments running unpatched versions of ClipBucket. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
elfutils vulnerabilities
osv·2023-08-30·CVSS 5.5
CVE-2018-16062 elfutils vulnerabilities
elfutils vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed
files. If a user or automated system were tricked into processing a
specially crafted file, elfutils could be made to crash or consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2018-16062, CVE-2018-16403, CVE-2018-18310,
CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150,
CVE-2019-7665)
It was discovered that elfutils incorrectly handled bounds checks in
certain functions when processing malformed files. If a user or automated
system were tricked into processing a specially crafted file, elfutils
could be made to crash or consume resources, resulting in a denial of
service. (CVE-2020-21047, CVE-2021-33294)
GHSA
GHSA-vmv9-wqwh-2377: An issue was discovered in ClipBucket before 4
ghsa_unreviewed·2022-05-14
CVE-2018-7665 [CRITICAL] CWE-434 GHSA-vmv9-wqwh-2377: An issue was discovered in ClipBucket before 4
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
No detection rules found.
No writeups or analysis indexed.
http://lists.openwall.net/full-disclosure/2018/02/27/1https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.htmlhttp://lists.openwall.net/full-disclosure/2018/02/27/1https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html
2018-03-05
Published