| शीर्षक | cmseasy 7.7.7 Command Injection |
|---|
| विवरण | CmsEasy version 7.7.7 contains a critical vulnerability that allows authenticated administrators to achieve Remote Code Execution (RCE) through a combination of arbitrary file write and local file inclusion vulnerabilities in the template management functionality.
The vulnerability exists in the template editing feature where:
1. The `savetemp_action()` function in `/lib/admin/template_admin.php` allows writing arbitrary content (including PHP code) to template files without proper sanitization
2. The `saveCache()` function writes user-controlled content to the `/data/template/` directory
3. When the `pageset` parameter is present in the URL, the `fetch()` function in `/lib/inc/view.php` loads templates from the `/data/template/` directory
4. The `_eval()` function uses PHP's `include` statement to execute the template file, resulting in arbitrary PHP code execution
An authenticated attacker with administrator privileges can exploit this vulnerability chain to execute arbitrary PHP code on the server, leading to complete system compromise.
|
|---|
| स्रोत | ⚠️ https://note-hxlab.wetolink.com/share/msJH69Y06ZlS |
|---|
| उपयोगकर्ता | yu22x (UID 34832) |
|---|
| सबमिशन | 16/12/2025 08:57 AM (4 महीनों पहले) |
|---|
| संयम | 27/12/2025 02:30 PM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 338525 [CmsEasy तक 7.7.7 Backend Template Management Page template_admin.php savetemp_action content/tempdata अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|