lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 13 May 2018 20:08:04 +0200
From: Imre Rad <>
Subject: [FD] CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8

 "ProjectPier is a Free, Open-Source, PHP application for managing tasks,
projects and teams through an intuitive web interface."

I reached out to the vendor via several channels to report the findings
below, but received no response. Since the project is abandoned (latest
commits are 3 years old), I decided to go for full disclosure.
The vulnerable versions are 0.8.8 and below.

Vulnerability #1 (CVE-2018-10759):
The PHP file (public/patch/patch.php) is public facing, accessible without
authentication and is vulnerable to PHP remote file inclusion attacks since
the id parameter is not sanitized.
As a consequence of this, attackers could execute arbitrary commands via
the expect:// fopen wrapper or execute arbitrary SQL statements.

Decommission the application or at least remove the affected file.

Vulnerability #2 (CVE-2018-10760):
The official Files plugin of ProjectPier is a file management plugin
offering file uploads for the authentication users having the appropriate
permissions granted. The files are uploaded into the subdirectory /tmp
under the document root. The plugin does not enforce any security controls
regarding the type/content of the file being uploaded, which could be
abused by malicious users to execute arbitrary PHP code by uploading it via
this plugin.

Decommission the application or revoke access privileges to the plugin.

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists