CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-11185

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile3.29th
Published2019年6月3日
Last Modified2024年11月21日

Vulnerability Description

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file extension, and prepending "magic bytes" to the payload to pass MIME checks. Specifically, an unauthenticated remote user submits a crafted file upload POST request to the REST api remote_upload endpoint. The file contains data that will fool the plugin's MIME check into classifying it as an image (which is a whitelisted file extension) and finally a trailing .phtml file extension.

Affected Platforms (CPE)

📦
3cx

Live Chat

< 8.0.26

References & Advisories

🔗 https://wordpress.org/plugins/wp-live-chat-support/#developers
🔗 https://wp-livechat.com/
🔗 https://wpvulndb.com/vulnerabilities/9320
🔗 https://wordpress.org/plugins/wp-live-chat-support/#developers
🔗 https://wp-livechat.com/
🔗 https://wpvulndb.com/vulnerabilities/9320

相關漏洞威脅

CVE-2019-186629.8

An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveCh...

CVE-2019-124989.8

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permissio...

CVE-2018-124269.8

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to clie...

CVE-2020-97589.6

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name param...