Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-19114

An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2018-19114
  • Iminho » Mindoc » Version: 0.1
    cpe:2.3:a:iminho:mindoc:0.1
  • Iminho » Mindoc » Version: 0.1.1
    cpe:2.3:a:iminho:mindoc:0.1.1
  • Iminho » Mindoc » Version: 0.1.2
    cpe:2.3:a:iminho:mindoc:0.1.2
  • Iminho » Mindoc » Version: 0.1.3
    cpe:2.3:a:iminho:mindoc:0.1.3
  • Iminho » Mindoc » Version: 0.1.4
    cpe:2.3:a:iminho:mindoc:0.1.4
  • Iminho » Mindoc » Version: 0.1.5
    cpe:2.3:a:iminho:mindoc:0.1.5
  • Iminho » Mindoc » Version: 0.10
    cpe:2.3:a:iminho:mindoc:0.10
  • Iminho » Mindoc » Version: 0.10.1
    cpe:2.3:a:iminho:mindoc:0.10.1
  • Iminho » Mindoc » Version: 0.11
    cpe:2.3:a:iminho:mindoc:0.11
  • Iminho » Mindoc » Version: 0.12
    cpe:2.3:a:iminho:mindoc:0.12
  • Iminho » Mindoc » Version: 0.13
    cpe:2.3:a:iminho:mindoc:0.13
  • Iminho » Mindoc » Version: 0.13.1
    cpe:2.3:a:iminho:mindoc:0.13.1
  • Iminho » Mindoc » Version: 0.13.2
    cpe:2.3:a:iminho:mindoc:0.13.2
  • Iminho » Mindoc » Version: 0.13.3
    cpe:2.3:a:iminho:mindoc:0.13.3
  • Iminho » Mindoc » Version: 0.13.4
    cpe:2.3:a:iminho:mindoc:0.13.4
  • Iminho » Mindoc » Version: 0.2
    cpe:2.3:a:iminho:mindoc:0.2
  • Iminho » Mindoc » Version: 0.3
    cpe:2.3:a:iminho:mindoc:0.3
  • Iminho » Mindoc » Version: 0.4
    cpe:2.3:a:iminho:mindoc:0.4
  • Iminho » Mindoc » Version: 0.5
    cpe:2.3:a:iminho:mindoc:0.5
  • Iminho » Mindoc » Version: 0.5.1
    cpe:2.3:a:iminho:mindoc:0.5.1
  • Iminho » Mindoc » Version: 0.6
    cpe:2.3:a:iminho:mindoc:0.6
  • Iminho » Mindoc » Version: 0.7
    cpe:2.3:a:iminho:mindoc:0.7
  • Iminho » Mindoc » Version: 0.7.1
    cpe:2.3:a:iminho:mindoc:0.7.1
  • Iminho » Mindoc » Version: 0.7.2
    cpe:2.3:a:iminho:mindoc:0.7.2
  • Iminho » Mindoc » Version: 0.7.3
    cpe:2.3:a:iminho:mindoc:0.7.3
  • Iminho » Mindoc » Version: 0.8
    cpe:2.3:a:iminho:mindoc:0.8
  • Iminho » Mindoc » Version: 0.8.1
    cpe:2.3:a:iminho:mindoc:0.8.1
  • Iminho » Mindoc » Version: 0.9
    cpe:2.3:a:iminho:mindoc:0.9
  • Iminho » Mindoc » Version: 1.0
    cpe:2.3:a:iminho:mindoc:1.0
  • Iminho » Mindoc » Version: 1.0.1
    cpe:2.3:a:iminho:mindoc:1.0.1
  • Iminho » Mindoc » Version: 1.0.2
    cpe:2.3:a:iminho:mindoc:1.0.2


Products
Pricing
Contact Us

Shodan ® - All rights reserved