TheHostingTool 1.2.6: Code Execution
Date: 2015-10-07 16:07:40
Affected Product: TheHostingTool 1.2.6
Fixed in: not fixed
Fixed Version Link: n/a
Vulnerability Type: Code Execution
Reported to vendor: 09/07/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
Credits: Tim Coen of curesec GmbH
Themes can be uploaded as a zip archive by an admin. The uploader validates each file in the archive against a blacklist of file extensions.
The blacklist misses at least two file types that lead to code execution. First, files with the extension .pht: common default Apache PHP configurations hand these to the PHP interpreter (Debian's php5 module configuration, for example, matches ".+\.ph(p[345]?|t|tml)$"). Second, the .htaccess file: if the server honours per-directory configuration (AllowOverride), an uploaded .htaccess can map any extension to the PHP handler, so a file with an arbitrary extension becomes executable. It is recommended to validate uploaded files against a whitelist of permitted extensions instead of a blacklist, and to reject dotfiles such as .htaccess outright.
Please note that admin credentials are required to exploit this issue.
This issue has not been fixed.
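The following is an added example, not code from TheHostingTool or from the advisory, that contrasts an extension blacklist of the kind described above with a whitelist check over the entries of an uploaded theme archive. The blacklist contents, the whitelist contents and the sample archive are assumptions constructed for illustration; the exact list TheHostingTool uses is not given on this page. It goes a little beyond the two cases named in the advisory: the whitelist variant also rejects double extensions (which Apache mod_mime can still hand to a handler) and entries that would escape the extraction directory.

```python
import io
import posixpath
import zipfile

# Assumed blacklist in the style the advisory describes: it lists PHP extensions
# but, as on the vulnerable page, not .pht and not the .htaccess dotfile.
BLACKLIST = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}

# Assumed whitelist for the hardened check: only what a theme legitimately needs.
WHITELIST = {".html", ".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".txt"}


def blacklist_ok(name):
    """Vulnerable policy: accept unless the final extension is blacklisted."""
    ext = posixpath.splitext(name)[1].lower()
    return ext not in BLACKLIST


def whitelist_ok(name):
    """Hardened policy: every extension segment must be whitelisted,
    dotfiles are refused, and the path must stay inside the theme directory."""
    if name.startswith("/") or "\\" in name:
        return False
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return False  # zip entry would escape the extraction directory
    base = posixpath.basename(norm)
    if base.startswith("."):
        return False  # .htaccess, .user.ini and friends
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False  # no extension at all: nothing a theme needs
    # Check every segment so that "notes.php.txt" is rejected as well.
    return all("." + p in WHITELIST for p in parts[1:])


def check_zip(data, policy):
    """Return the archive entries the given policy rejects, in archive order."""
    rejected = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            if not policy(info.filename):
                rejected.append(info.filename)
    return rejected


def build_theme_zip():
    """Constructed sample archive mixing legitimate and dangerous entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("theme/style.css", "body { margin: 0 }")
        z.writestr("theme/index.php", "<?php echo 'blacklisted'; ?>")
        z.writestr("theme/shell.pht", "<?php echo 'pht is run as PHP'; ?>")
        z.writestr("theme/notes.php.txt", "<?php echo 'double extension'; ?>")
        z.writestr("theme/.htaccess", "AddType application/x-httpd-php .txt\n")
        z.writestr("theme/img/../../../escape.txt", "zip slip")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_theme_zip()
    print("blacklist rejects:", check_zip(sample, blacklist_ok))
    print("whitelist rejects:", check_zip(sample, whitelist_ok))
```

Run as-is, the blacklist policy rejects only index.php and lets shell.pht, the double-extension file, the .htaccess and the traversal entry through; the whitelist policy rejects all five. Whatever the list, the check must be applied to every archive member before anything is written to disk, since a single accepted .htaccess changes how every other file in the directory is served.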
5. Report Timeline
09/07/2015: Informed vendor about issue (no reply)
09/22/2015: Reminded vendor of disclosure date (no reply)
10/07/2015: Disclosed to public