CVE-2018-17934
Description
In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NUUO CMS versions 3.3 and prior contain a path traversal vulnerability allowing remote attackers to obtain restricted information or execute arbitrary code.
Vulnerability
NUUO CMS versions 3.3 and prior (including versions 3.1 and earlier) contain a path traversal vulnerability [1]. The application allows external input to construct a pathname that can be resolved outside the intended directory, enabling an attacker to read or write files outside the web root or application boundaries [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication or user interaction [1]. The CVSS v3 vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network-based exploitation with low attack complexity [1]. The attacker sends crafted HTTP requests containing path traversal sequences (e.g., ../) to traverse directories and access or manipulate files outside the intended scope [1].
Impact
Successful exploitation could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code [1]. The CISA advisory notes that these vulnerabilities could result in arbitrary remote code execution [1]. The confidentiality, integrity, and availability impacts are all rated as high [1].
Mitigation
NUUO CMS versions 3.1 and prior were initially listed as affected; the updated advisory extended the affected versions to 3.3 and prior [1]. As of the advisory publication date (October 11, 2018, updated November 27, 2018), no fix or workaround is explicitly mentioned in the available references [1]. Users should contact NUUO for updated versions or apply appropriate input validation and directory restrictions as a defense [1].
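The input validation and directory restriction mentioned above, as an added example (not NUUO's code and not taken from the advisory): a naive join next to a canonicalize-then-contain check, run against a constructed directory tree. The function names, the `store` layout and the request strings are hypothetical; the demo assumes Python 3.9+ on a POSIX system where symlinks can be created.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """The requested name resolves outside the base directory."""


def naive_join(base: str, user_path: str) -> str:
    # Vulnerable pattern, for comparison: external input is joined and
    # normalised, but nothing checks where the result lands.
    return os.path.normpath(os.path.join(base, user_path))


def safe_resolve(base: str, user_path: str) -> Path:
    # Canonicalise both sides (follows symlinks, collapses ".." segments),
    # then require the result to be the base directory or below it.
    base_real = Path(base).resolve(strict=True)
    candidate = (base_real / user_path).resolve()
    # is_relative_to() compares whole components, so the sibling
    # "<base>-backup" is not mistaken for a child of "<base>".
    if not candidate.is_relative_to(base_real):
        raise PathEscapeError(f"rejected: {user_path!r}")
    return candidate


def demo() -> dict:
    # Constructed layout: root/store is the intended directory;
    # root/secret.txt and root/store-backup lie outside it.
    with tempfile.TemporaryDirectory() as root:
        store = Path(root, "store")
        store.mkdir()
        Path(root, "store-backup").mkdir()
        Path(root, "secret.txt").write_text("outside")
        (store / "clip.bin").write_text("inside")
        os.symlink(root, store / "link")  # symlink leading out of the store
        requests = {"plain": "clip.bin", "dotdot": "../secret.txt",
                    "sibling": "../store-backup", "symlink": "link/secret.txt",
                    "absolute": str(Path(root, "secret.txt"))}
        verdicts = {}
        for label, name in requests.items():
            try:
                safe_resolve(str(store), name)
                verdicts[label] = "allowed"
            except PathEscapeError:
                verdicts[label] = "rejected"
        return verdicts
```

The sibling and symlink cases are the ones a string-prefix check or a filter on "../" alone lets through; comparing canonical paths component by component rejects both.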
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.3
Patches
No patches discovered yet.
References
[1] ics-cert.us-cert.gov/advisories/ICSA-18-284-02 (mitre, x_refsource_MISC)