CuteEditor for PHP Directory Traversal Vulnerability Allowing Arbitrary File Write

Vulnerability

A directory traversal vulnerability has been identified in CuteEditor for PHP version 6.6. This vulnerability exists in the browse template feature, where attackers can manipulate the ServerMapPath() function to write files to arbitrary web root directories. By renaming uploaded HTML files with directory traversal sequences, attackers can exploit this vulnerability to place files outside the designated template directory.

Impact

Exploitation of this vulnerability allows for arbitrary file writing in the web root directory, which could lead to further attacks such as cross-site scripting or overwriting critical files.

Reproduction

To reproduce this vulnerability, upload an HTML file (such as one containing a cross-site scripting payload) through the 'Insert Templates' page. After uploading, use the 'Rename File' option to rename the file using directory traversal sequences that navigate up the directory structure. Once the file is renamed, it will be written to the web root directory.
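The missing check on the rename step can be illustrated as follows. This is an added example, not CuteEditor code or the vendor's fix; the function name safe_rename_template and the temporary directory are hypothetical, and the demo inputs are constructed. It accepts only a bare file name and confirms the source resolves inside the template directory before renaming.

```php
<?php
// Added example: hypothetical rename handler, not CuteEditor's own code.
declare(strict_types=1);

function safe_rename_template(string $templateDir, string $current, string $new): string
{
    $base = realpath($templateDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('template directory missing');
    }
    foreach ([$current, $new] as $name) {
        // A bare file name only: no separators of either style, no "." or "..".
        if ($name === '' || $name === '.' || $name === '..'
            || strpbrk($name, "/\\") !== false) {
            throw new InvalidArgumentException('name must not contain path components');
        }
    }
    // Allow-list the characters and the extension of the new name.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.html?\z/', $new)) {
        throw new InvalidArgumentException('unexpected file name');
    }
    // The source must resolve (symlinks included) to a file directly in the template directory.
    $src = realpath($base . DIRECTORY_SEPARATOR . $current);
    if ($src === false || !is_file($src) || dirname($src) !== $base) {
        throw new InvalidArgumentException('source is not in the template directory');
    }
    $dst = $base . DIRECTORY_SEPARATOR . $new;
    if (file_exists($dst)) {
        throw new RuntimeException('target already exists');
    }
    if (!rename($src, $dst)) {
        throw new RuntimeException('rename failed');
    }
    return $dst;
}

// Constructed demo: a throwaway template directory and three candidate new names.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'upload.html', '<p>template</p>');
foreach (['../../index.html', '..\\..\\index.html', 'welcome.html'] as $candidate) {
    try {
        echo $candidate, ' -> ', safe_rename_template($dir, 'upload.html', $candidate), PHP_EOL;
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo $candidate, ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the last candidate is renamed; both names containing separators are rejected before any filesystem call is made.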

Added: Jan 14, 2026, 12:39 AM
Updated: Jan 14, 2026, 12:39 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.