CVE-2019-13187

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files to Symphony CMS servers running the vulnerable Rich Text Formatter (Redactor) extension. Attackers can upload malicious files like webshells to gain remote code execution. All Symphony CMS installations using Redactor extension v1.1.1 or earlier are affected.

💻 Affected Systems

Products:
  • Symphony CMS Rich Text Formatter (Redactor) extension
Versions: v1.1.1 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Symphony CMS with Redactor extension installed and enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise via remote code execution, data theft, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Webshell deployment leading to website defacement, data exfiltration, or use as part of a botnet.

🟢

If Mitigated

File upload attempts blocked or logged, with no successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests to vulnerable endpoints with malicious files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://symphonyextensions.com/extensions/richtext_redactor/

Restart Required: No

Instructions:

1. Disable the Redactor extension in the Symphony admin panel (System → Extensions), then delete its directory from the extensions/ folder so the upload handlers are no longer on disk.
2. Audit the extension's upload directories and delete every file that a legitimate user did not place there. A PHP file in an upload directory is evidence of compromise, not just cleanup work: preserve it for forensics and start incident response.
3. Replace the extension with a maintained rich text editor extension.

🔧 Temporary Workarounds

Block vulnerable endpoints

all

Use web server configuration to deny requests for content.fileupload.php and content.imageupload.php, then confirm with an unauthenticated test POST that both handlers answer 403 at the URL your deployment actually exposes them on. The rules below fix two defects in the earlier snippet: the Apache pattern is no longer anchored to a leading slash, so it matches in both vhost and .htaccess context, and the nginx rule matches the handler filenames directly instead of a location of "/.php", which matches nothing.

# Apache (mod_rewrite; vhost or the site's .htaccess)
RewriteEngine On
RewriteRule content\.(file|image)upload\.php$ - [F]

# Nginx: a dedicated location, placed before the generic \.php$ location so it wins the regex match; no "if" needed
location ~ /content\.(file|image)upload\.php$ { return 403; }

Restrict file upload permissions

linux

Strip the execute bit from anything already in the upload directory and keep the directory itself at 755. Understand the limit of this step: mod_php and php-fpm do not consult the execute bit, so an uploaded .php file is still run by the PHP handler. To actually stop execution, deny script handling for the upload directory in the web server (Apache: php_flag engine off, or a FilesMatch deny for \.php$, inside a Directory block for the upload path; nginx: a location for the upload path that returns 403 for \.php$, placed before the general PHP location).

chmod 644 /path/to/upload/directory/*
chmod 755 /path/to/upload/directory/

🧯 If You Can't Patch

  • Disable the Redactor extension immediately
  • Implement WAF rules to block file uploads to vulnerable endpoints

🔍 How to Verify

Check if Vulnerable:

Check if Redactor extension is installed and version is ≤1.1.1 via Symphony CMS extensions panel.

Check Version:

Check Symphony CMS admin panel → System → Extensions

Verify Fix Applied:

Confirm the extension is disabled or removed, that content.fileupload.php and content.imageupload.php are no longer present under the extension's content/ directory, and that an unauthenticated multipart POST to each handler returns 403 or 404 instead of accepting the file.
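The checks above, scripted for a host where you have shell access to the Symphony document root. This is an added example, not code from the advisory or from the extension. It assumes the extension is installed under extensions/richtext_redactor (the directory name in the vendor URL) and records its version as a version attribute on a release element in extension.meta.xml, the usual Symphony extension layout. verify_blocked is for after a workaround is applied: pass the base URL at which your deployment exposes the handlers and expect 403 or 404.

```shell
#!/bin/sh
# Added example: not from the advisory or the extension. Locates the Redactor
# extension in a Symphony CMS tree and decides whether the recorded version is
# still in the vulnerable range (<= 1.1.1).
# Assumptions: directory extensions/richtext_redactor and a version attribute on
# a <release> element in extension.meta.xml (standard Symphony extension layout).

# Prints one of: absent | unknown | vulnerable <ver> | patched <ver>
check_redactor() {
    root="$1"
    ext="$root/extensions/richtext_redactor"
    [ -d "$ext" ] || { echo "absent"; return 0; }

    # first <release ... version="x.y.z"> wins; Symphony lists the newest first
    ver=$(sed -n 's/.*<release[^>]*version="\([^"]*\)".*/\1/p' \
              "$ext/extension.meta.xml" 2>/dev/null | head -n 1)
    [ -n "$ver" ] || { echo "unknown"; return 0; }

    # numeric compare of up to three dotted components; 1.1.1 -> 10101
    old=$(printf '%s' "$ver" | awk -F. '{ v = $1*10000 + $2*100 + $3; print (v <= 10101) ? 1 : 0 }')
    if [ "$old" = 1 ]; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

# Lists the upload handlers still present on disk (empty output = removed)
list_upload_handlers() {
    root="$1"
    for f in content.fileupload.php content.imageupload.php; do
        p="$root/extensions/richtext_redactor/content/$f"
        [ -f "$p" ] && echo "$p"
    done
    return 0
}

# After applying a workaround: send an unauthenticated multipart POST to each
# handler and report the status. 403/404 = blocked; 200 = still reachable.
verify_blocked() {
    base="$1"   # wherever your deployment exposes the handlers (assumption: direct path)
    for f in content.fileupload.php content.imageupload.php; do
        code=$(curl -s -o /dev/null -w '%{http_code}' \
                    -F 'file=@/dev/null;filename=probe.txt' "$base/$f")
        echo "$f -> $code"
    done
}

# Run directly: ./check.sh /var/www/symphony
if [ -n "${1:-}" ]; then
    check_redactor "$1"
    list_upload_handlers "$1"
fi
```

Run check_redactor and list_upload_handlers before and after remediation; "absent" with no handler paths listed is the state you want. The version parse is deliberately permissive (a suffix such as -beta is ignored), so treat "unknown" as a prompt to look at the admin panel rather than as a pass.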

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to content.fileupload.php or content.imageupload.php, particularly from clients with no authenticated Symphony backend session
  • Uploaded filenames carrying a server-side script extension (.php, .phtml, .phar, .php5), and any later request for such a file under the upload directory, which is the attacker calling the webshell

Network Indicators:

  • Unusual outbound connections from the web server (reverse shells, tool downloads, beaconing)
  • Multipart POSTs to the upload handlers from source addresses that never requested the Symphony login page; webshells are a few hundred bytes, so request size is not a useful filter

SIEM Query:

source="web_server" AND (url="*content.fileupload.php*" OR url="*content.imageupload.php*") AND method="POST"
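The SIEM query above as an offline check over a raw combined-format access log, with the follow-on indicator (a request for a script under the upload directory) included and correlated per source address. This is an added example, not from the advisory. The sample log lines are constructed, and the upload path /workspace/uploads/ is an assumption based on Symphony's default workspace layout; override it with UPLOAD_PATH if Redactor is configured to write elsewhere.

```shell
#!/bin/sh
# Added example: not from the advisory. Offline version of the SIEM query, run
# over a combined-format access log (Apache or nginx default), plus the
# follow-on indicator: a request for a script file under the upload directory,
# which is what a dropped webshell looks like once the attacker calls it.
# Assumption: uploads are served from /workspace/uploads/ (Symphony's default
# workspace layout); override with UPLOAD_PATH if Redactor writes elsewhere.

UPLOAD_PATH="${UPLOAD_PATH:-/workspace/uploads/}"

# One line per hit: "<TAG> <client-ip> <method> <path>"
#   UPLOAD   POST to content.fileupload.php / content.imageupload.php
#   WEBSHELL any request for .php/.php5/.phtml/.phar under UPLOAD_PATH
scan_access_log() {
    awk -v up="$UPLOAD_PATH" '
    {
        # combined format: ip ident user [date tz] "METHOD path proto" status bytes ...
        ip = $1
        method = substr($6, 2)      # drop the opening quote
        path = $7
        if (method == "POST" && path ~ /content\.(file|image)upload\.php/)
            print "UPLOAD", ip, method, path
        else if (index(path, up) == 1 && path ~ /\.(php[0-9]*|phtml|phar)(\?.*)?$/)
            print "WEBSHELL", ip, method, path
    }' "$1"
}

# Pivot: every client that hit an upload handler, with the count of its
# WEBSHELL hits, so the two indicators are correlated per source address.
correlate_by_ip() {
    scan_access_log "$1" | awk '
        $1 == "UPLOAD"   { up[$2]++ }
        $1 == "WEBSHELL" { sh[$2]++ }
        END { for (ip in up) print ip, "uploads=" up[ip], "webshell_hits=" ((ip in sh) ? sh[ip] : 0) }'
}

# Constructed sample lines (not a real capture) so the script runs stand-alone
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /extensions/richtext_redactor/content/content.fileupload.php HTTP/1.1" 200 87 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /workspace/uploads/shell.php?cmd=id HTTP/1.1" 200 33 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:14:01:02 +0000] "GET /workspace/uploads/photo.jpg HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:01:05 +0000] "GET /symphony/login/ HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
EOF
}

# Run directly: ./scan.sh /var/log/apache2/access.log   (no argument = sample data)
if [ -n "${1:-}" ]; then
    correlate_by_ip "$1"
else
    sample=$(mktemp); sample_log > "$sample"; correlate_by_ip "$sample"; rm -f "$sample"
fi
```

On the sample data the pivot reports 203.0.113.5 with one upload and one webshell hit while the ordinary visitor never appears. A source with uploads but zero webshell hits still deserves a look at the upload directory: the shell may have been fetched through a path outside UPLOAD_PATH, or not called yet.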

🔗 References
