CVE-2018-13038

9.8 CRITICAL

📋 TL;DR

OpenSID 18.06-pasca has an unrestricted file upload vulnerability in the article attachment feature that allows attackers to upload malicious PHP files disguised as PDFs. This enables remote code execution on affected web servers. Any OpenSID installation with the vulnerable version is at risk.

💻 Affected Systems

Products:
  • OpenSID
Versions: 18.06-pasca
Operating Systems: Any OS running OpenSID
Default Config Vulnerable: ⚠️ Yes
Notes: Requires article feature with attachment functionality enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, defacement, malware distribution, or use as part of a botnet.

🟠 Likely Case

Webshell installation allowing persistent access, data exfiltration, and further lateral movement within the network.

🟢 If Mitigated

File uploads blocked or properly validated, preventing malicious file execution.

🌐 Internet-Facing: HIGH - Web applications with file upload functionality are directly accessible from the internet.
🏢 Internal Only: MEDIUM - Internal applications could still be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access the article attachment feature. The vulnerability is well-documented in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 18.06-pasca

Vendor Advisory: https://github.com/OpenSID/OpenSID/issues/1177

Restart Required: No

Instructions:

1. Update OpenSID to the latest version.
2. Apply any security patches provided by the OpenSID project.
3. Verify file upload validation is properly implemented.

🔧 Temporary Workarounds

Disable file uploads

all

Temporarily disable the article attachment feature until patching is complete.

Implement file type validation

all

Add server-side validation to reject files with .php extension regardless of Content-Type header.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block .php file uploads
  • Restrict upload directory permissions and disable PHP execution in upload directories

🔍 How to Verify

Check if Vulnerable:

Check if running OpenSID version 18.06-pasca and test if .php files can be uploaded via article attachments with modified Content-Type headers.

Check Version:

Check OpenSID version in application configuration or admin panel.

Verify Fix Applied:

Attempt to upload a .php file with application/pdf Content-Type - should be rejected. Verify OpenSID version is updated.

📡 Detection & Monitoring

Log Indicators:

  • File upload attempts with .php extension
  • Unusual file uploads to article attachment endpoints
  • PHP file execution from upload directories

Network Indicators:

  • HTTP POST requests to upload endpoints with .php files
  • Requests to uploaded PHP files in upload directories

SIEM Query:

source="web_server" AND ((uri_path="*/upload*" AND file_extension=".php") OR (user_agent="*" AND response_code=200 AND uri_path="*/uploads/*.php"))
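
For servers without a SIEM, the "PHP file execution from upload directories" and "Requests to uploaded PHP files" indicators can be checked directly against an access log. The following is an added example, not part of the advisory or of OpenSID; the combined log format, the upload path pattern and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" access-log format (assumed; adapt to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Any directory whose name starts with "upload", like the query's */upload*
# pattern. The real attachment path is deployment-specific (assumption).
UPLOAD_DIR_RE = re.compile(r'/upload[^/]*/', re.I)
# Extensions commonly mapped to the PHP handler, anywhere in the file name,
# so "x.php", "x.pdf.php" and "x.php.pdf" are all flagged.
PHP_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)(\.|$)', re.I)


def classify(line):
    """Return (severity, client_ip, path) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string and decode %-escapes before matching.
    path = unquote(urlsplit(m['target']).path)
    name = path.rsplit('/', 1)[-1]
    if not (UPLOAD_DIR_RE.search(path) and PHP_EXT_RE.search(name)):
        return None
    # 2xx: the server answered for a script in the upload tree (investigate
    # as possible execution). Anything else is recorded as an attempt.
    severity = 'executed' if m['status'].startswith('2') else 'attempt'
    return severity, m['ip'], path


def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines: documentation IP ranges, hypothetical paths.
SAMPLE = [
    '198.51.100.7 - - [10/Jul/2018:10:00:01 +0700] "GET /uploads/attachments/report.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jul/2018:10:02:11 +0700] "GET /uploads/attachments/notes.php HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '203.0.113.9 - - [10/Jul/2018:10:02:15 +0700] "GET /uploads/attachments/notes.pdf.php?page=1 HTTP/1.1" 404 209 "-" "curl/7.58.0"',
    '198.51.100.7 - - [10/Jul/2018:10:03:40 +0700] "GET /index.php/first/artikel/12 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jul/2018:10:05:02 +0700] "GET /uploads/attachments/old%2Ephtml HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(*hit)
```

An "executed" hit warrants reviewing the named file on disk; "attempt" hits from the same client help date the activity.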
