| 제목 | ctcms 2.1.2 Command Injection |
|---|
| 설명 | CTCMS (Ctcms video system) version 2.1.2 contains a command execution vulnerability in the backend APP configuration module. An authenticated administrator can modify the APP configuration to inject malicious code, leading to remote code execution.The vulnerability exists in the template parsing mechanism. When users post content in the community section, the system processes template syntax (such as `{if:...}...{end if}`) without proper sanitization. By injecting malicious template code containing PHP functions like `eval()`, an attacker can achieve remote code execution. |
|---|
| 원천 | ⚠️ https://note-hxlab.wetolink.com/share/R3y6uiOuuYbA |
|---|
| 사용자 | airrudder (UID 25092) |
|---|
| 제출 | 2025. 12. 05. AM 08:52 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 15. PM 06:02 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336486 [CTCMS Content Management System 까지 2.1.2 Backend App Configuration /ctcms/libs/Ct_App.php save CT_App_Paytype 권한 상승] |
|---|
| 포인트들 | 20 |
|---|