Information Disclosure Vulnerability(Need Authentication)

[tangxiaofeng7]

I found a information leakage vulnerabilities in BigTree-CMS, you need to login the backstage first.

Steps to reproduce:

1、Login in to the backstage http://localhost/BigTree-CMS-master/site/index.php/admin
2、Post some contents
3、Checked the page and see
4、Then create and publish
5、Search and update

This vulnerability reveals the full path of bigtree-CMS
Let's look at the code:

The parameters of post are not restricted,so it will be evali it in wrong。

[fgeek]

CVE-2018-20405 has been assigned for this issue.

[timbuckingham]

This looks like it requires developer level access which allows for full code execution through a variety of means (template creation, module creation, extension installation, etc). Am I missing the privilege escalation aspect?

[NicoleG25]

Hi @timbuckingham ,
Was this vulnerability ever addressed? note that there was a CVE assigned, if you wish, you can contact MITRE to dispute it if you disagree with it.
Kind regards !

[timbuckingham]

No, this was not a vulnerability to be addressed as developer level accounts have full write access to the filesystem by design.

[NicoleG25]

@timbuckingham would you be contacting MITRE in order to dispute this ?
Because as of now it appears as a valid/active vulnerability.

Thanks for your quick reply !

No, this was not a vulnerability to be addressed as developer level accounts have full write access to the filesystem by design.

[timbuckingham]

I've submitted a rejection request at MITRE. I'm new at that process so hopefully I did it right! I'll follow up here when I hear back.

[NicoleG25]

I've submitted a rejection request at MITRE. I'm new at that process so hopefully I did it right! I'll follow up here when I hear back.

Alright good to know ! hopefully all goes well :)
Have a nice day !