CVE-2019-19902 (GCVE-0-2019-19902)

Vulnerability from cvelistv5 – Published: 2019-12-19 05:03 – Updated: 2024-08-05 02:32
VLAI?
Summary
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:09.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://backdropcms.org/security/backdrop-sa-core-2019-016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the \"Synchronize, import, and export configuration\" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-19T05:03:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://backdropcms.org/security/backdrop-sa-core-2019-016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19902",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the \"Synchronize, import, and export configuration\" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://backdropcms.org/security/backdrop-sa-core-2019-016",
              "refsource": "MISC",
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19902",
    "datePublished": "2019-12-19T05:03:27",
    "dateReserved": "2019-12-19T00:00:00",
    "dateUpdated": "2024-08-05T02:32:09.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.13.0\", \"versionEndExcluding\": \"1.13.5\", \"matchCriteriaId\": \"CC70009E-573A-4607-B4F5-D8C8D4C23B98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.14.0\", \"versionEndExcluding\": \"1.14.2\", \"matchCriteriaId\": \"DA7553B9-C72A-4305-8E42-D816D77F27D8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the \\\"Synchronize, import, and export configuration\\\" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Backdrop CMS versiones 1.13.x anteriores a 1.13.5 y versiones 1.14.x anteriores a 1.14.2. Permite cargar archivos de configuraci\\u00f3n de todo el sitio por medio de la interfaz de usuario o la l\\u00ednea de comandos. No comprueba suficientemente los archivos cargados en busca de datos no v\\u00e1lidos, permitiendo que los scripts que no sean de configuraci\\u00f3n sean cargados potencialmente en el servidor. Este problema es mitigado por el hecho de que el atacante deber\\u00eda tener el permiso \\\"Synchronize, import, and export configuration\\\", un permiso que solo deber\\u00eda ser otorgado por los administradores de confianza. Otras medidas en el producto evitan la ejecuci\\u00f3n de scripts PHP, por lo que otro lenguaje de scripting del lado del servidor debe estar accesible en el servidor para ejecutar el c\\u00f3digo.\"}]",
      "id": "CVE-2019-19902",
      "lastModified": "2024-11-21T04:35:37.530",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-19T06:15:11.117",
      "references": "[{\"url\": \"https://backdropcms.org/security/backdrop-sa-core-2019-016\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://backdropcms.org/security/backdrop-sa-core-2019-016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19902\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-19T06:15:11.117\",\"lastModified\":\"2024-11-21T04:35:37.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the \\\"Synchronize, import, and export configuration\\\" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Backdrop CMS versiones 1.13.x anteriores a 1.13.5 y versiones 1.14.x anteriores a 1.14.2. Permite cargar archivos de configuraci\u00f3n de todo el sitio por medio de la interfaz de usuario o la l\u00ednea de comandos. No comprueba suficientemente los archivos cargados en busca de datos no v\u00e1lidos, permitiendo que los scripts que no sean de configuraci\u00f3n sean cargados potencialmente en el servidor. Este problema es mitigado por el hecho de que el atacante deber\u00eda tener el permiso \\\"Synchronize, import, and export configuration\\\", un permiso que solo deber\u00eda ser otorgado por los administradores de confianza. Otras medidas en el producto evitan la ejecuci\u00f3n de scripts PHP, por lo que otro lenguaje de scripting del lado del servidor debe estar accesible en el servidor para ejecutar el c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.13.5\",\"matchCriteriaId\":\"CC70009E-573A-4607-B4F5-D8C8D4C23B98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.0\",\"versionEndExcluding\":\"1.14.2\",\"matchCriteriaId\":\"DA7553B9-C72A-4305-8E42-D816D77F27D8\"}]}]}],\"references\":[{\"url\":\"https://backdropcms.org/security/backdrop-sa-core-2019-016\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://backdropcms.org/security/backdrop-sa-core-2019-016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.