CVE-2018-0645

9.8 CRITICAL

📋 TL;DR

MTAppjQuery 1.8.1 and earlier contain an unrestricted file upload vulnerability that allows remote attackers to execute arbitrary PHP code on affected systems. This affects websites using vulnerable versions of the MTAppjQuery plugin for Movable Type. Attackers can compromise the entire web server through this vulnerability.

💻 Affected Systems

Products:
  • MTAppjQuery
Versions: 1.8.1 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Movable Type installations using the vulnerable MTAppjQuery plugin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, defacement, malware distribution, or use as part of a botnet.

🟠 Likely Case

Website defacement, data exfiltration, or installation of backdoors for persistent access.

🟢 If Mitigated

Limited impact if file uploads are restricted or web application firewalls block malicious uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation involves uploading malicious PHP files through the vulnerable plugin interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.2 or later

Vendor Advisory: https://bit-part.net/news/2018/07/mtappjquery-20180717.html

Restart Required: No

Instructions:

1. Download MTAppjQuery 1.8.2 or later from the official repository.
2. Replace the existing MTAppjQuery plugin files with the updated version.
3. Verify the plugin version in Movable Type's plugin management interface.

🔧 Temporary Workarounds

Disable MTAppjQuery Plugin (platform: all)

Temporarily disable the vulnerable plugin until patching is possible.

Navigate to Movable Type admin panel > Plugins > Disable MTAppjQuery

Restrict File Uploads (platform: linux)

Configure the web server so that files in the plugin's upload directory cannot be served or executed as PHP.

Add 'Deny from all' to .htaccess in the MTAppjQuery upload directory (on Apache 2.4 the equivalent is 'Require all denied'). This blocks every direct request to that directory, including legitimately uploaded assets; if those must stay reachable, deny only requests for PHP-family extensions (.php, .phtml, .phar) instead.

🧯 If You Can't Patch

  • Implement web application firewall rules to block malicious file upload patterns
  • Monitor file system for unauthorized PHP file creation in upload directories

🔍 How to Verify

Check if Vulnerable:

Check Movable Type plugin list for MTAppjQuery version 1.8.1 or earlier.

Check Version:

Check Movable Type admin panel: System > Plugins

Verify Fix Applied:

Confirm MTAppjQuery version is 1.8.2 or later in plugin management.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to MTAppjQuery directories
  • Execution of unexpected PHP files

Network Indicators:

  • HTTP POST requests to MTAppjQuery upload endpoints with PHP file extensions

SIEM Query:

source="web_server" AND (uri_path="/mtappjquery/upload" OR file_extension=".php")
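As an added example that is not part of this advisory, the following Python script applies the two log indicators above to constructed access-log lines. It narrows the SIEM query above by requiring a POST to the upload endpoint AND a PHP-family file name in the same request, rather than matching every .php request on the site; the endpoint path is the page's placeholder, while the /uploads/ directory, the combined log format and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Assumptions, not advisory facts: Apache/nginx "combined" access-log format, the
# upload endpoint placeholder from the SIEM query above, and a web-served upload dir.
UPLOAD_ENDPOINT = "/mtappjquery/upload"
UPLOAD_DIR = "/uploads/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)
# Extensions a mis-configured server may hand to the PHP interpreter.
PHP_EXT = re.compile(r'\.ph(?:p\d?|tml|ar)(?=\W|$)', re.IGNORECASE)

def classify(line):
    """Return (rule, ip, uri) for a suspicious access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, uri, status = m["ip"], m["method"], m["uri"], m["status"]
    path = uri.split("?", 1)[0]
    # Rule 1: POST to the plugin upload endpoint naming a PHP file in path or query.
    if method == "POST" and path.startswith(UPLOAD_ENDPOINT) and PHP_EXT.search(uri):
        return ("php-upload", ip, uri)
    # Rule 2: a PHP file served (HTTP 200) from the upload directory, i.e. executed.
    if status == "200" and path.startswith(UPLOAD_DIR) and PHP_EXT.search(path):
        return ("php-exec-from-uploads", ip, uri)
    return None

def scan(log_text):
    """Group findings by source IP so an upload-then-execute chain stands out."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            rule, ip, uri = hit
            findings[ip].append((rule, uri))
    return dict(findings)

# Constructed sample lines: one upload-then-execute chain, one benign image
# upload, and one ordinary .php page view that the OR query above would flag.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jul/2018:10:01:02 +0900] "POST /mtappjquery/upload?name=upload_1.php HTTP/1.1" 200 312 "-" "curl/7.58.0"
203.0.113.5 - - [17/Jul/2018:10:01:09 +0900] "GET /uploads/upload_1.php HTTP/1.1" 200 88 "-" "curl/7.58.0"
198.51.100.7 - - [17/Jul/2018:10:02:00 +0900] "POST /mtappjquery/upload?name=logo.png HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Jul/2018:10:02:05 +0900] "GET /uploads/logo.png HTTP/1.1" 200 4311 "-" "Mozilla/5.0"
192.0.2.9 - - [17/Jul/2018:10:03:00 +0900] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""
```

Calling scan(SAMPLE_LOG) returns only the 203.0.113.5 chain (upload followed by execution); the benign image upload and the index.php page view are not flagged.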
