CVE-2018-1000504
Redirection <= 2.7.3 - Local File Inclusion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
Redirection 2.7.3 contiene un ACE mediante una vulnerabilidad de inclusiĆ³n de archivos en el modo Pass-through que puede resultar en que los administradores puedan ejecutar cualquier archivo PHP en el sistema de archivos. Para explotar este ataque, el atacante debe tener acceso a una cuenta de administrador en el sitio objetivo. La vulnerabilidad parece haber sido solucionada en la versiĆ³n 2.8.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-12 CVE Reserved
- 2018-06-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://advisories.dxw.com/advisories/ace-file-inclusion-redirection | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redirection Search vendor "Redirection" | Redirection Search vendor "Redirection" for product "Redirection" | 2.7.3 Search vendor "Redirection" for product "Redirection" and version "2.7.3" | - |
Affected
|