Invia #707104: ctcms 2.1.2 Command Injectioninformazioni

Titoloctcms 2.1.2 Command Injection
DescrizioneCTCMS (Ctcms video system) version 2.1.2 contains a command execution vulnerability in the backend APP configuration module. An authenticated administrator can modify the APP configuration to inject malicious code, leading to remote code execution.The vulnerability exists in the template parsing mechanism. When users post content in the community section, the system processes template syntax (such as `{if:...}...{end if}`) without proper sanitization. By injecting malicious template code containing PHP functions like `eval()`, an attacker can achieve remote code execution.
Fonte⚠️ https://note-hxlab.wetolink.com/share/R3y6uiOuuYbA
Utente
 airrudder (UID 25092)
Sottomissione05/12/2025 08:52 (6 mesi fa)
Moderazione15/12/2025 18:02 (10 days later)
StatoAccettato
Voce VulDB336486 [CTCMS Content Management System fino a 2.1.2 Backend App Configuration /ctcms/libs/Ct_App.php save CT_App_Paytype escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you know our Splunk app?

Download it now for free!