Vendor: Typesetter CMS
By: Rodolfo 't0gu' Tavares
CVSS: 7.2 (HIGH)
Type: Arbitrary Code Execution
CWE: 78
Product Name: Typesetter CMS
Affected Version From: 5.1
Affected Version To: 5.1
Patch Exists: YES
Related CVE: CVE-2020-25790
CPE: a:typesettercms:typesetter_cms:5.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux / Apache
2020

Typesetter CMS 5.1 – Arbitrary Code Execution

Typesetter CMS has a web interface through which an account with privileges can upload files. Through this functionality, it is possible to upload a .zip file that contains a malicious .php file. The same interface can also extract archives, so the attacker only needs to extract the previously uploaded .zip and click on the malicious .php file to execute commands in the operating system.

Mitigation:

Ensure that the web application is configured to allow uploads only of files with the appropriate extensions, and to allow execution only of files with the appropriate extensions.
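
The .php file in this issue arrives inside a .zip, so an extension check on the uploaded file name alone never sees it; the check has to cover every archive member before the extract action runs. The following is an added example, not Typesetter's code or its patch, written in Python for illustration: the allowlist, the function names and the sample archives are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: the site only needs these content types from uploaded archives.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".css", ".txt", ".pdf"}
# Extensions that Apache/PHP setups commonly hand to an interpreter.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".pht", ".cgi", ".pl"}


def rejected_entries(archive_bytes):
    """Return {entry_name: reason} for every member that must block extraction."""
    problems = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            # Every suffix counts, so "shell.php.jpg" is caught as well.
            suffixes = {s.lower() for s in path.suffixes}
            if path.is_absolute() or ".." in path.parts:
                problems[info.filename] = "path escapes the extraction directory"
            elif path.name.lower() == ".htaccess":
                problems[info.filename] = "per-directory server configuration"
            elif suffixes & EXECUTABLE_EXTENSIONS:
                problems[info.filename] = "server-executable extension"
            elif path.suffix.lower() not in ALLOWED_EXTENSIONS:
                problems[info.filename] = "extension not on the allowlist"
    return problems


def safe_to_extract(archive_bytes):
    """True only when no member of the archive was rejected."""
    return not rejected_entries(archive_bytes)


def build_sample(entries):
    """Build an in-memory zip from {name: bytes}; constructed test input only."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buffer.getvalue()
```

An archive with any rejected entry is refused as a whole rather than partially extracted.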