CVE-2018-9919

CRITICAL

Tp-shop 2.0.5-2.0.8 - Server-Side Request Forgery via Backdoor Parameter

Title source: llm
STIX 2.1

Description

A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter.

References (1)

Core 1
Core References
Exploit, Mailing List, Mitigation, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/May/11

Scores

CVSS v3 9.8
EPSS 0.0483
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-918
Status published
Products (1)
tp-shop/tp-shop 2.0.5 - 2.0.8
Published May 02, 2018
Tracked Since Feb 18, 2026