Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/16241?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16241?format=api", "vulnerability_id": "VCID-r136-w6fm-t7fc", "summary": "Unrestricted Upload of File with Dangerous Type\n/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.", "aliases": [ { "alias": "CVE-2018-19422" }, { "alias": "GHSA-73xj-v6gc-g5p5" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55240?format=api", "purl": "pkg:composer/intelliants/subrion@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bwe-5b6b-a7e2" }, { "vulnerability": "VCID-3h1n-dvmt-5qhz" }, { "vulnerability": "VCID-3hbd-spm4-2kaz" }, { "vulnerability": "VCID-44kx-4nnh-4bdf" }, { "vulnerability": "VCID-51fa-htgd-pkd7" }, { "vulnerability": "VCID-7yej-24pb-d3dm" }, { "vulnerability": "VCID-8g7b-wfgz-77f1" }, { "vulnerability": "VCID-8gvw-wym4-qufa" }, { "vulnerability": "VCID-8n55-g9s6-5qbz" }, { "vulnerability": "VCID-94z6-as1s-pkem" }, { "vulnerability": "VCID-9fac-c1gc-jbft" }, { "vulnerability": "VCID-9hkc-qw4n-t7at" }, { "vulnerability": "VCID-abws-hvpw-myfy" }, { "vulnerability": "VCID-by36-7n26-g7cc" }, { "vulnerability": "VCID-cjhs-mtaa-7kdb" }, { "vulnerability": "VCID-ekj6-hqpd-5ybq" }, { "vulnerability": "VCID-f7sw-fp56-hudc" }, { "vulnerability": "VCID-fc5n-dcez-93fn" }, { "vulnerability": "VCID-gmvv-sz8z-ebgp" }, { "vulnerability": "VCID-hay9-1wuc-s3b1" }, { "vulnerability": "VCID-j2eh-myxv-abbm" }, { "vulnerability": "VCID-j8ge-mhfk-ebd9" }, { "vulnerability": "VCID-jqzh-mw8h-23bv" }, { "vulnerability": "VCID-ng2d-pg2s-2fac" }, { "vulnerability": "VCID-ngpm-xvdu-sybs" }, { "vulnerability": "VCID-q9uf-qqfn-n7gr" }, { "vulnerability": "VCID-qwxk-wzqe-7kdp" }, { "vulnerability": "VCID-r136-w6fm-t7fc" }, { "vulnerability": "VCID-s1ez-jft2-tydn" }, { "vulnerability": "VCID-sc65-ev58-2bbk" }, { "vulnerability": 
"VCID-sqbf-5a82-yucu" }, { "vulnerability": "VCID-vzeg-42da-euej" }, { "vulnerability": "VCID-ydhn-xpam-jqgm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/intelliants/subrion@4.2.1" } ], "references": [ { "reference_url": "http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/162591/Subrion-CMS-4.2.1-Shell-Upload.html" }, { "reference_url": "http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/173998/Intelliants-Subrion-CMS-4.2.1-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.84263", "scoring_system": "epss", "scoring_elements": "0.99328", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19422" }, { "reference_url": "https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/intelliants/subrion/commit/74359bcfaea424edda6d782a8ac25397c55972ab" }, { "reference_url": 
"https://github.com/intelliants/subrion/issues/801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/intelliants/subrion/issues/801" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49876.py", "reference_id": "CVE-2018-19422", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49876.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19422", "reference_id": "CVE-2018-19422", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19422" }, { "reference_url": "https://github.com/advisories/GHSA-73xj-v6gc-g5p5", "reference_id": "GHSA-73xj-v6gc-g5p5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73xj-v6gc-g5p5" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 434, "name": "Unrestricted Upload of File with Dangerous Type", "description": "The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment." 
}, { "cwe_id": 78, "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "description": "The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [ { "date_added": null, "description": "This module exploits an authenticated file upload vulnerability in\n Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by\n the .htaccess file not preventing the execution of .pht, .phar, and\n .xhtml files. Files with these extensions are not included in the\n .htaccess blacklist, hence these files can be uploaded and executed\n to achieve remote code execution. In this module, a .phar file with\n a randomized name is uploaded and executed to receive a Meterpreter\n session on the target, then deletes itself afterwards.", "required_action": null, "due_date": null, "notes": "Stability:\n - crash-safe\nReliability:\n - repeatable-session\nSideEffects:\n - artifacts-on-disk\n - ioc-in-logs\n", "known_ransomware_campaign_use": false, "source_date_published": "2018-11-04", "exploit_type": null, "platform": "PHP", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/subrion_cms_file_upload_rce.rb" }, { "date_added": "2021-05-17", "description": "Subrion CMS 4.2.1 - Arbitrary File Upload", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": false, "source_date_published": "2021-05-17", "exploit_type": "webapps", "platform": "php", "source_date_updated": "2021-10-29", "data_source": "Exploit-DB", "source_url": "" } ], "severity_range_score": "7.0 - 8.9", "exploitability": "2.0", "weighted_severity": "8.0", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r136-w6fm-t7fc" }