CVE-2015-0912
Description
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
EasyCTF before 1.4 allows remote authenticated users to create arbitrary files, potentially leading to code execution.
Vulnerability
EasyCTF is a server-side CGI for scoring CTF competitions. Versions before 1.4 (i.e., EasyCTF-1.3 and earlier) contain a path traversal vulnerability (CWE-22) that allows remote authenticated users to create arbitrary files on the server [1][2]. The exact mechanism is not detailed, but the vendor states "Somebody can make any files" [3].
Exploitation
An attacker must have valid authentication to the EasyCTF application. With network access and low complexity, the attacker can exploit the vulnerability to write executable content to files [2]. The CVSS v2 vector indicates authentication is required (single instance) [2]. The specific steps are not disclosed, but the vulnerability is triggered via unspecified vectors [description].
Impact
Successful exploitation allows an attacker to create arbitrary files, which may include executable content. This can lead to arbitrary code execution on the server, compromising confidentiality, integrity, and availability [1][2]. The CVSS base score is 6.5 (Medium) [2].
Mitigation
The vendor released version EasyCTF-1.4 to fix the vulnerability [3]. Users should update to the latest version as provided by the developer [1][2]. No workarounds are mentioned. The vulnerability is not listed on CISA KEV as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (3)
- jvn.jp/en/jp/JVN67520407/index.html (nvd, Vendor Advisory)
- jvndb.jvn.jp/jvndb/JVNDB-2015-000060 (nvd, Vendor Advisory)
- jvn.jp/en/jp/JVN67520407/995657/index.html (nvd)