Submission #778873: code-projects Chamber of Commerce Membership Management System 1.0 Command Injection information

Title: code-projects Chamber of Commerce Membership Management System 1.0 Command Injection
Description: A critical Remote Code Execution (RCE) vulnerability has been identified in CMMS (Chamber of Commerce Membership Management Software). This vulnerability resides in the mail queue functionality within the admin/pageMail.php and admin/pageSender.php files. When an administrator sends an email, the application writes the user-supplied mail subject and message body directly into a dynamically generated PHP file using fwrite(), which is subsequently included and executed by pageSender.php via include(). Due to insufficient input sanitization of the $mailSubject and $mailMessage parameters before writing them into the PHP file, an attacker with administrator privileges can inject arbitrary PHP code through the mail message field. Successful exploitation allows the attacker to execute arbitrary system commands, read or modify any file on the server, and completely compromise the underlying system. Although this vulnerability requires administrator-level authentication, it poses a significant security risk in scenarios involving compromised admin credentials, insider threats, or CSRF chaining (as the mail form lacks CSRF protection). Immediate remediation is recommended by replacing the PHP file-based mail queue mechanism with a non-executable data format such as JSON or a database-backed queue.
Source: https://gist.github.com/y7y7y77/dd6df2db50fd0146b72fc4e0766a4ffd
User: y7_0x (UID 96237)
Submitted: 2026-03-12 19:03 (17 days ago)
Moderation: 2026-03-27 17:27 (15 days later)
Status: Accepted
VulDB entry: 353964 [code-projects Chamber of Commerce Membership Management System 1.0 admin/pageMail.php fwrite mailSubject/mailMessage privilege escalation]
Points: 20
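The following PHP is an added illustration of the pattern the description reports and of the JSON-based remediation it recommends; it is not code from the CMMS project, and the function names, queue directory and sample message are assumptions made for this example. The first pair of functions writes admin input into a PHP file and include()s it, which is why data and code are not separated; the second pair stores the same fields as JSON and only ever decodes them.

```php
<?php
// Added illustration (not the CMMS project's code): the PHP-file mail queue
// pattern described in the report, next to a data-only replacement.
// Function names, file names and the sample message are assumptions.
declare(strict_types=1);

// --- Pattern described in the report (unsafe) ---------------------------------
// The queue entry is itself PHP source with the admin's input spliced into it,
// so whatever the subject or message contains becomes code once include()d.
function enqueueMailUnsafe(string $queueDir, string $mailSubject, string $mailMessage): string
{
    $file = $queueDir . '/mail_' . uniqid() . '.php';
    $src  = "<?php\n"
          . "\$subject = \"" . $mailSubject . "\";\n"
          . "\$message = \"" . $mailMessage . "\";\n";
    $fp = fopen($file, 'w');
    fwrite($fp, $src);
    fclose($fp);
    return $file;
}

function dequeueMailUnsafe(string $file): array
{
    include $file;   // executes the generated file: input is interpreted as PHP
    return ['subject' => $subject, 'message' => $message];
}

// --- Hardened replacement: JSON data, never executable ------------------------
function enqueueMailSafe(string $queueDir, string $mailSubject, string $mailMessage): string
{
    // The subject ends up in a mail header later, so refuse CR/LF up front.
    if (preg_match('/[\r\n]/', $mailSubject)) {
        throw new InvalidArgumentException('subject must be a single line');
    }
    $file  = $queueDir . '/mail_' . bin2hex(random_bytes(8)) . '.json';
    $entry = [
        'subject'   => $mailSubject,
        'message'   => $mailMessage,
        'queued_at' => time(),
    ];
    // json_encode escapes quotes, backslashes and control characters, and the
    // file is never parsed as PHP, so no input can change what the sender runs.
    file_put_contents($file, json_encode($entry, JSON_THROW_ON_ERROR), LOCK_EX);
    return $file;
}

function dequeueMailSafe(string $file): array
{
    $entry = json_decode(file_get_contents($file), true, 512, JSON_THROW_ON_ERROR);
    foreach (['subject', 'message'] as $k) {
        if (!isset($entry[$k]) || !is_string($entry[$k])) {
            throw new UnexpectedValueException("queue entry missing string field $k");
        }
    }
    // Plain strings: escape with htmlspecialchars() if they are ever rendered as HTML.
    return $entry;
}

// --- Demo with a constructed message ------------------------------------------
$queueDir = sys_get_temp_dir() . '/cmms_queue_demo';   // assumption: outside the web root
@mkdir($queueDir, 0700, true);

$subject = 'Renewal reminder';                                   // constructed sample
$message = 'Hello, your membership expires on "2026-04-30".';   // constructed sample

$safeFile = enqueueMailSafe($queueDir, $subject, $message);
$entry    = dequeueMailSafe($safeFile);
var_dump($entry['message'] === $message);   // bool(true): quotes survive as data
unlink($safeFile);
```

Run it with the PHP CLI (`php queue_demo.php`). The demo exercises only the JSON path; the unsafe functions are kept to show where the include() boundary is crossed. Two details matter beyond the format change: the queue directory should not be writable by the web server user beyond what the sender needs and should not be served, and, since the description notes the mail form lacks CSRF protection, the form that calls the enqueue function should also verify a per-session CSRF token before accepting the request.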
