CosCms version 1.721 have high risk / 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C) OS Command Injection (CWE-78) vulnerability according to HTB23145.
Vulnerability exists due to insufficient validation of user-supplied input in "$_FILES['file']['name']" variable passed to "/gallery/upload/index" URL before using it in PHP "exec()" function. A remote attacker can send a specially crafted HTTP POST request containing a malicious filename, and execute arbitrary commands on the target system with privileges of the web server.
Solution available: upgrade to CosCms 1.822.
No comments:
Post a Comment