Multiple issues was discovered in Backdrop CMS

Overview :
Multiple issues was discovered in Backdrop CMS
Affected Product(s) :
  • Backdrop Core 1.14.x versions prior to 1.14.2
  • Backdrop Core 1.13.x versions prior to 1.13.5
Vulnerability Details :
CVE ID : CVE-2019-19900

Backdrop CMS doesn’t sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute scripting when creating content.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer content types”.

CVE ID : CVE-2019-19901

Backdrop CMS doesn’t sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when configuring a layout.

This issue is mitigated by the fact that the attacker would be required to have the permission to create custom blocks, which is typically an administrative task.

CVE ID : CVE-2019-19902

Backdrop CMS allows the upload of entire-site configuration archives through the user interface or command-line. Backdrop CMS does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server.

This issue is mitigated by the fact that the attacker would be required to have the “Synchronize, import, and export configuration” permission, a permission that only trusted administrators should be given. Other measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.

CVE ID : CVE-2019-19903

Backdrop CMS doesn’t sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list of file types.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer file types”.

Solution :

Upgrade your site to the most recent version of Backdrop core. Download available on the Backdrop CMS 1.14.2 release page. See the update instructions, if needed.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

Description D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to