Platform
php
Component
vuls
Fixed in
4.7.19
CVE-2023-5013 is a cross-site scripting (XSS) vulnerability in Pluck CMS version 4.7.18, rated "problematic" (low severity). It lets an attacker inject script into a page served by the application, which can compromise user sessions and data. The flaw lies in the installation handler (install.php), in its handling of the contents parameter, and is fixed in version 4.7.19.
Successful exploitation of CVE-2023-5013 lets an attacker inject arbitrary JavaScript into pages served by Pluck CMS; the script runs in the browser of whoever loads the affected page, so the attacker typically needs a victim to open a crafted URL. That can be used to steal user cookies, redirect users to phishing sites, or deface the website. The attack is remotely exploitable over the network; no local or same-network access is required. Attack complexity is rated high, which is reflected in the low CVSS score, but public disclosure raises the chance of attempts against installations that have not applied the patch.
CVE-2023-5013 was publicly disclosed on September 16, 2023. It carries a low CVSS score of 2.6. A public proof-of-concept may exist, which would increase the likelihood of exploitation; patching should be prioritised in any case.
Websites and applications running Pluck CMS version 4.7.18 are at risk, above all where install.php is still reachable after installation. On shared hosting with several Pluck sites, every installation on 4.7.18 needs the patch; note, however, that an XSS flaw is confined to the origin of the affected site (its own users and administrator sessions) and does not by itself give access to other sites on the same server.
• php: Examine install.php for unsanitized handling of the contents parameter: look for places where the user-supplied value is written into HTML output without encoding (for example, echoed straight into markup instead of passing through htmlspecialchars()).

// Example: check for suspicious characters in the contents parameter.
// A literal "<script>" match is easy to evade (e.g. "<script >", "<img onerror=...>",
// encoded payloads), so treat it as a starting point rather than a filter.
if (preg_match('/<script>/i', $_GET['contents'] ?? '')) {
    error_log('Suspicious contents parameter: ' . ($_GET['contents'] ?? ''));
    http_response_code(400); // log or block the request
    exit;
}

• generic web: Monitor access logs for requests to install.php containing suspicious payloads (e.g., <script>, javascript:, onerror=); in logs these are usually URL-encoded (%3Cscript%3E), so decode the query string before matching.
• generic web: Check install.php responses for reflected input: if a harmless probe value sent in contents comes back in the HTML unencoded, the page is vulnerable. Also confirm that a Content-Security-Policy header is present; it limits what injected script can do but does not fix the flaw.
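The log-monitoring check above, as an added example (this is not code from the page or from the Pluck CMS project): a PHP script that scans combined-format access-log lines for install.php requests, percent-decodes the contents parameter once (as the web server would before handing it to PHP) and flags values matching a small set of XSS indicators. The log lines are constructed for illustration, and the indicator list and the helper names (installContentsParam, looksLikeXss, suspiciousInstallRequests) are assumptions.

```php
<?php
// Added example, not code from the page or from Pluck CMS: flag access-log
// entries for install.php whose `contents` query parameter contains an XSS
// indicator. Log lines and helper names are assumptions for illustration.

// Indicators to flag. Deliberately small and readable; tune for your own logs.
// A hit is a prompt for review, not proof of an attack (e.g. "button=" matches
// the event-handler pattern).
const XSS_INDICATORS = [
    '/<\s*script\b/i',            // <script ...>
    '/javascript\s*:/i',          // javascript: URLs
    '/\bon[a-z]+\s*=/i',          // onerror=, onload=, ...
    '/<\s*(img|svg|iframe)\b/i',  // common tag-based payloads
];

/**
 * Extract the `contents` query parameter from a combined-format access-log
 * line for install.php. Returns null when the line is not such a request.
 * The value is percent-decoded once, matching what the server passes to PHP;
 * a double-encoded payload would only matter if the application decoded again.
 */
function installContentsParam(string $logLine): ?string
{
    if (!preg_match('#"[A-Z]+ (\S+) HTTP/[\d.]+"#', $logLine, $m)) {
        return null;
    }
    $url = parse_url($m[1]);
    if ($url === false || !isset($url['path'], $url['query'])) {
        return null;
    }
    if (basename($url['path']) !== 'install.php') {
        return null;
    }
    parse_str($url['query'], $params); // parse_str percent-decodes values
    return isset($params['contents']) ? (string) $params['contents'] : null;
}

/** True when the decoded value matches any indicator. */
function looksLikeXss(string $value): bool
{
    foreach (XSS_INDICATORS as $pattern) {
        if (preg_match($pattern, $value)) {
            return true;
        }
    }
    return false;
}

/** Return the log lines that deserve a closer look. */
function suspiciousInstallRequests(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        $contents = installContentsParam($line);
        if ($contents !== null && looksLikeXss($contents)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic). Two carry encoded payloads,
// one is benign, and one targets a different script and is ignored.
$sample = [
    '203.0.113.5 - - [16/Sep/2023:10:01:02 +0000] "GET /install.php?contents=hello HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Sep/2023:10:01:09 +0000] "GET /install.php?contents=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Sep/2023:10:02:11 +0000] "GET /install.php?contents=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 812 "-" "curl/8.0"',
    '203.0.113.9 - - [16/Sep/2023:10:03:00 +0000] "GET /index.php?contents=%3Cscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
];

foreach (suspiciousInstallRequests($sample) as $hit) {
    echo "REVIEW: $hit\n";
}
```

Feed it your real access log with `file('access.log', FILE_IGNORE_NEW_LINES)` in place of `$sample`. The script only looks at GET query strings; if the installer also accepts POST bodies, those values will not appear in the access log at all, which is a reason to prefer the response-side check in the next bullet for confirming whether a host is actually vulnerable.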
disclosure
Exploit Status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2023-5013 is to upgrade Pluck CMS to version 4.7.19 or later, which contains the fix. If upgrading is not immediately feasible, apply output encoding (htmlspecialchars() with ENT_QUOTES for HTML contexts) to the contents parameter wherever install.php writes it into a page, and validate the value where a strict format is expected. A Web Application Firewall may block obvious payloads but is not a substitute for patching. Regardless of version, install.php should not be reachable once installation is complete: remove it or deny access to it at the web server. After upgrading, verify the fix by sending a harmless probe such as <b>x</b> in the contents parameter and confirming that it appears in the response only in encoded form.
Update Pluck CMS to a version later than 4.7.18 that fixes the XSS vulnerability in install.php (4.7.19 or later). If you cannot update, apply a manual patch to install.php that filters or escapes the user input in the 'contents' parameter.
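The manual patch and the post-upgrade check described above, as an added example (not the page's or Pluck CMS's own code). The exact vulnerable line in 4.7.18's install.php is not shown on this page, so the functions below use a generic reflected-output shape: one that concatenates the request parameter into HTML as-is, beside fixed versions for a text context and a quoted-attribute context, plus a check that confirms a probe comes back encoded. Function names, the HTML_FLAGS constant and the probe strings are assumptions.

```php
<?php
// Added example, not the page's or Pluck CMS's own code. The exact vulnerable
// line in 4.7.18's install.php is not shown on this page; the functions below
// use a generic reflected-output shape to illustrate the fix and the check.

// Encode <, >, &, " and '; replace invalid UTF-8 instead of returning an empty string.
const HTML_FLAGS = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

/** Vulnerable shape: the request parameter is concatenated into HTML unchanged. */
function renderUnsafe(string $contents): string
{
    return '<p class="preview">' . $contents . '</p>';
}

/** Fixed for an HTML text context: encode on output. */
function renderSafe(string $contents): string
{
    return '<p class="preview">' . htmlspecialchars($contents, HTML_FLAGS, 'UTF-8') . '</p>';
}

/** Fixed for an attribute context: same encoding, and the attribute must be quoted. */
function renderSafeAttribute(string $contents): string
{
    return '<input type="text" name="contents" value="'
        . htmlspecialchars($contents, HTML_FLAGS, 'UTF-8') . '">';
}

/**
 * Post-patch check in the spirit of the mitigation text: the probe must not
 * appear verbatim in the output, and its encoded form must. Returns true when
 * the output neutralises the probe.
 */
function probeIsEncoded(string $html, string $probe): bool
{
    $encoded = htmlspecialchars($probe, HTML_FLAGS, 'UTF-8');
    return strpos($html, $probe) === false && strpos($html, $encoded) !== false;
}

// Constructed probes for illustration, not taken from any real exploit.
$textProbe = '<script>alert(1)</script>';
$attrProbe = '"><img src=x onerror=alert(1)>';

$results = [
    'unsafe text'    => probeIsEncoded(renderUnsafe($textProbe), $textProbe),
    'safe text'      => probeIsEncoded(renderSafe($textProbe), $textProbe),
    'safe attribute' => probeIsEncoded(renderSafeAttribute($attrProbe), $attrProbe),
];
foreach ($results as $case => $ok) {
    printf("%-15s %s\n", $case, $ok ? 'encoded' : 'REFLECTED RAW');
}
```

htmlspecialchars() is the right tool only for HTML text and quoted-attribute contexts; a value that lands inside a script block, a URL, or a CSS declaration needs context-specific encoding instead. To run the check against a live host, send the probe to install.php over HTTP and apply probeIsEncoded() to the response body; then confirm install.php is not reachable at all once the site is installed.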
CVE-2023-5013 is a cross-site scripting (XSS) vulnerability in Pluck CMS version 4.7.18 that allows attackers to inject malicious scripts via install.php.
You are affected if you are using Pluck CMS version 4.7.18. Upgrade to 4.7.19 or later to mitigate the risk.
Upgrade Pluck CMS to version 4.7.19 or later. Implement input validation and sanitization on the contents parameter in install.php as a temporary workaround.
While active exploitation is not confirmed, the public disclosure of the vulnerability increases the risk of exploitation.
Refer to the Pluck CMS website or security advisories for the official advisory regarding CVE-2023-5013.