Web-accessible backdoor in Tp-shop 2.0.5 through 2.0.8 allows SSRF and remote command execution

Web-accessible backdoor in Tp-shop 2.0.5 through 2.0.8 allows SSRF and remote command execution

CVE-2018-9919 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter.

Learn more about our Web App Pen Testing.