Published:2024/10/10  Last Updated:2024/11/06

JVN#54676967
baserCMS plugin "BurgerEditor" vulnerable to directory listing

Overview

baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability.

Products Affected

  • BurgerEditor (v2) versions prior to v2.25.1
  • BurgerEditor Limited Edition versions prior to v2.25.1
Note that "BurgerEditor" for baserCMS 5 series is not affected the vulnerability.

Description

baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability (CWE-548, CVE-2024-44807).
If accessing a URL of the web site using the plugin that has a specific string added to the end, a list of uploaded files may be obtained.
In addition, the uploaded file itself may be obtained through the list information.

Impact

A list of uploaded files and/or files may be obtained without authentication on the web site that uses the plugin.

Solution

Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.

  • BurgerEditor (v2) v2.25.1
  • BurgerEditor Limited Edition v2.25.1

Vendor Status

Vendor Link
D-ZERO CO.,LTD. Vulnerability of Directory Listing in the baserCMS Plugin BurgerEditor

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score: 5.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)

Credit

Koh You Liang of SOMPO Holdings and Orel Gispan of Sompo Digital Lab Tel Aviv reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2024-000109

Update History

2024/11/06
Information under the section [Credit] was updated