Multiple vulnerabilities in Scriptcase

Posted date 17/09/2024
Importance
5 - Critical
Affected Resources
  • Scriptcase, 9.4.019 version.
Description

INCIBE has coordinated the publication of 3 vulnerabilities of critical severity affecting Scriptcase version 9.4.019, a low-code platform for rapid application development that works as a code generator for PHP web applications, which have been discovered by Rafael Pedrero.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2024-8940: 10 | CVSS:3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | CWE-434 
  • CVE-2024-8941: 7.5 | CVSS:3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-22 
  • CVE-2024-8942: 6.3 | CVSS:3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79 
Solution

Vulnerabilities fixed in the latest versions.

Detail
  • CVE-2024-8940: vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.
  • CVE-2024-8941: vulnerability of incorrectly limiting the path to a restricted directory in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application.
  • CVE-2024-8942: vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their credentials.
References list