CVE-2018-19114

HIGH

MinDoc < 1.0.2 - Privilege Escalation via Image Upload Session ID Manipulation

Title source: llm
STIX 2.1

Description

An issue was discovered in MinDoc through v1.0.2. It allows attackers to gain privileges by uploading an image file with contents that represent an admin session, and then sending a Cookie: header with a mindoc_id value containing the relative pathname of this uploaded file. For example, the mindoc_id (aka session ID) could be of the form aa/../../uploads/blog/201811/attach_#.jpg where '#' is a hex value displayed in the upload field of a manage/blogs/edit/ screen.

References (1)

Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/lifei6671/mindoc/issues/384

Scores

CVSS v3 8.8
EPSS 0.0126
EPSS Percentile 66.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
iminho/mindoc < 1.0.2
Published Nov 08, 2018
Tracked Since Feb 18, 2026