CVE-2018-14840

CVE-2018-14840

EPSS 3.7%

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).

Affected products

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/45150/unverified exploitdbwww.exploit-db.com/exploits/45150unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47 https://github.com/intelliants/subrion/issues/773 https://www.exploit-db.com/exploits/45150/