vendor:
XCMS
by:
Onurcan
7.5
CVSS
HIGH
Remote Command Execution (RCE)
78
CWE
Product Name: XCMS
Affected Version From: XCMS v1.83
Affected Version To: XCMS v1.83
Patch Exists: YES
Related CWE:
CPE: xcms
Platforms Tested:
2022
XCMS v1.83 – Remote Command Execution (RCE)
The xcms's footer(that is in "/dati/generali/footer.dtb") is included in each page of the xcms. Taking "home.php" for example, the xcms allow you to modify the footer throught a bugged page called cpie.php included in the admin panel. So with a simple html form, an attacker can change the footer and insert malicious code. Trick: We can change the admin panel password by inserting this code in the footer. Fix: The fix is very simple, just add an exit() after the header() in the cpie.php.
Mitigation:
Add an exit() after the header() in the cpie.php.