CVE-2018-25162
Arbitrary File Upload in 2-Plan Team 1.0.4 Enables RCE
Publication date: 2026-03-06
Last updated on: 2026-03-06
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 2-plan | team | 1.0.4 |
| 2-plan_team | 2-plan_team | 1.0.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in 2-Plan Team version 1.0.4 is an arbitrary file upload flaw that allows authenticated attackers to upload executable PHP files to the server. This is done by sending multipart form data to the managefile.php script with the action set to upload and using the userfile1 parameter to upload the PHP file. Once uploaded, these files are stored in the files directory and can be executed by the web server, enabling remote code execution.
An attacker can exploit this by crafting an HTTP POST request containing a malicious PHP script, which upon successful upload, can be accessed and executed via a predictable URL path on the server.
How can this vulnerability impact me?
This vulnerability can have severe impacts including allowing attackers to execute arbitrary code on the affected server. This can lead to full system compromise, unauthorized access to sensitive data, and potential disruption of services.
Because attackers can upload and run malicious PHP scripts, they may gain control over the server environment, which can be used to further infiltrate the network, steal information, or launch additional attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to upload a PHP file via the managefile.php script using the action=upload parameter and the userfile1 field in a multipart/form-data POST request.
A practical detection method involves sending a crafted HTTP POST request to the target server to upload a simple PHP file such as phpinfo.php containing `<?php phpinfo(); ?>`.
After uploading, verify if the file is accessible and executable by requesting the uploaded file's URL, typically under the /files directory.
- Use curl to upload a test PHP file: `curl -v -F "action=upload" -F "userfile1=@phpinfo.php" http://target/managefile.php`
- Check if the uploaded file is accessible: `curl http://target/files/standard/ef/1/phpinfo_XXXXXX.php` (replace XXXXXX with the actual generated suffix) [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting authenticated user permissions to prevent arbitrary file uploads.
Implement server-side validation to block uploading of executable PHP files or any files that could be executed by the web server.
Restrict access to the managefile.php script to only trusted users and consider disabling file upload functionality if not needed.
Additionally, monitor and audit the files directory for any suspicious or unexpected PHP files.
Apply any available patches or updates from the vendor to fix the vulnerability.
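The audit of the files directory recommended above can be scripted. The following is an added example, not code from the vendor or from this advisory: it flags files whose name carries a PHP-handled extension anywhere in it, and files of any name whose first bytes contain a PHP open tag. The extension list, the 64 KiB scan window and the sample file names are assumptions; the constructed sample tree mirrors the files/standard/ef/1/ layout mentioned earlier.

```python
import os
import tempfile

# Assumption: extensions your web server may hand to PHP; adjust to its config.
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
PHP_TAGS = (b"<?php", b"<?=")
SCAN_BYTES = 64 * 1024  # only the head of each file is inspected

def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Look at every dotted component, so report.php.jpg is flagged too.
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            if exts & PHP_EXTS:
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SCAN_BYTES).lower()
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if any(tag in head for tag in PHP_TAGS):
                findings.append((rel, "php-open-tag"))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree shaped like files/standard/ef/1/."""
    samples = {  # constructed sample files, not taken from a real system
        "phpinfo_ab12cd.php": b"<?php phpinfo(); ?>",
        "report.php.jpg": b"\xff\xd8\xff\xe0 constructed",
        "logo.png": b"\x89PNG\r\n constructed <?PHP echo 1; ?>",
        "notes.txt": b"meeting notes",
    }
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "standard", "ef", "1")
        os.makedirs(target)
        for name, data in samples.items():
            with open(os.path.join(target, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:14} {rel}")
```

On a live server, call `audit_upload_dir()` with the path of the application's files directory and review each finding by hand; a hit on the open-tag check is a reason to inspect the file, not proof of compromise.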