CVE-2019-18952
Published 2019-11-13
Priority: P1 87 · Critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In the wild · Exploit available · VulnCheck KEV
Exploited in the wild
EPSS: 45.36% (98.6th percentile)
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sibsoft | xfilesharing | <= 2.5.1 | — |
Detection & IOCs (extracted from sources)
- Monitor for multipart file upload POST requests to /cgi-bin/up.cgi with a custom X-Requested-With: XMLHttpRequest header, which is the attack vector for this arbitrary file upload vulnerability.
- Alert on PHP (or other executable) files uploaded to and subsequently accessed under /cgi-bin/temp/, indicating successful exploitation and potential remote code execution.
- CVE-2019-18952 can be chained with CVE-2019-18951 to achieve RCE via a .html file containing short codes served over HTTP; monitor for .html file uploads to /cgi-bin/up.cgi as well.
- Use the Shodan dork to identify exposed SibSoft Xfilesharing instances: search for html:"/?op=registration" combined with "OpenSSL".
- The upload endpoint uses a multipart form-data 'sid' field to specify a subdirectory under /cgi-bin/temp/ where the uploaded file is stored; the attacker controls this path value.
- No authentication is required to exploit this vulnerability (CVSS PR:N), meaning the upload endpoint /cgi-bin/up.cgi is publicly accessible.
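The two detection points above (a POST to /cgi-bin/up.cgi followed by a fetch of an executable or .html file under /cgi-bin/temp/) can be correlated per client from ordinary web server access logs. The following is an added example written for this page, not code from any of the sources listed; the log lines are constructed, and the hostnames, paths and extension list are assumptions. The X-Requested-With header is not recorded in the combined log format, so that check would need a proxy or WAF log.

```python
import re
from collections import defaultdict

# Combined log format: client, identd, user, timestamp, request line, status, size, referer, user-agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
UPLOAD_ENDPOINT = "/cgi-bin/up.cgi"
TEMP_PREFIX = "/cgi-bin/temp/"
# .html is included because CVE-2019-18951 turns an uploaded .html with short codes into RCE.
DANGEROUS_EXT = (".php", ".phtml", ".cgi", ".pl", ".sh", ".html")

# Constructed sample log (not real traffic): one client uploads then fetches a .php under temp/,
# one client only browses, one client uploads but never fetches anything executable.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Nov/2019:10:01:02 +0000] "POST /cgi-bin/up.cgi HTTP/1.1" 200 512 "-" "python-requests/2.22"',
    '203.0.113.7 - - [13/Nov/2019:10:01:05 +0000] "GET /cgi-bin/temp/abc123/x.php HTTP/1.1" 200 1024 "-" "python-requests/2.22"',
    '198.51.100.4 - - [13/Nov/2019:10:02:00 +0000] "GET /?op=registration HTTP/1.1" 200 3400 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [13/Nov/2019:10:03:00 +0000] "GET /cgi-bin/temp/readme.txt HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [13/Nov/2019:10:04:00 +0000] "POST /cgi-bin/up.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def parse(line):
    """Parse one combined-format line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def analyze(lines):
    """Per client: count of up.cgi uploads, successful fetches of dangerous files under temp/,
    and a likely_exploited flag set only when both indicators are present for the same client."""
    uploads = defaultdict(list)
    fetches = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string when matching paths
        if rec["method"] == "POST" and path == UPLOAD_ENDPOINT:
            uploads[rec["ip"]].append(rec["ts"])
        elif path.startswith(TEMP_PREFIX) and path.lower().endswith(DANGEROUS_EXT) and rec["status"].startswith("2"):
            fetches[rec["ip"]].append(path)
    return {
        ip: {
            "uploads": len(uploads[ip]),
            "dangerous_fetches": list(fetches[ip]),
            "likely_exploited": bool(uploads[ip] and fetches[ip]),
        }
        for ip in set(uploads) | set(fetches)
    }

if __name__ == "__main__":
    for ip, finding in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, finding)
```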
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | n/a | 7.5 | HIGH | n/a |
GHSA
GHSA-24p5-6g2r-2gc4 (ghsa_unreviewed · 2022-05-24 · CVSS 7.5, HIGH)
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.
VulnCheck
sibsoft xfilesharing Unrestricted Upload of File with Dangerous Type (vulncheck · 2019 · CVSS 7.5, HIGH)
Affected: sibsoft xfilesharing
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://blog.checkpoint.com/security/december-2021s-most-wanted-malware-trickbot-emotet-and-the-log4j-plague/
- https://blog.checkpoint.com/security/april-2022s-most-wanted-malware-a-shake-up-in-the-index-but-emotet-is-still-on-top/
- https://blog.checkpoint.com/security/april-2024s-most-wanted
No detection rules found.
Nuclei
Xfilesharing 2.5.1 - Arbitrary File Upload (nuclei · CVSS 7.5, HIGH)
Template:

```yaml
id: CVE-2019-18952

info:
  name: Xfilesharing 2.5.1 - Arbitrary File Upload
  author: daffainfo
  severity: critical
  description: |
    SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, that is served over HTTP.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact:
    Attackers can upload malicious files and execute arbitrary
```

References:
- http://packetstormsecurity.com/files/155324/Xfilesharing-2.5.1-Local-File-Inclusion-Shell-Upload.html
- https://gist.github.com/pak0s/af9f640170aed335fdf6d110d468dbce