| 제목 | ctcms 2.1.2 Command Injection |
|---|
| 설명 | CTCMS (Ctcms video system) version 2.1.2 contains a command execution vulnerability in the backend system configuration module. An authenticated administrator can modify system configuration settings to inject malicious code, leading to remote code execution.The vulnerability exists in the system configuration management functionality. When an administrator saves system configuration settings, the system writes the configuration data to `/ctcms/libs/Ct_Config.php` without proper sanitization. By intercepting the request and adding malicious parameters to "Duplicate Entry Rules" or "Secondary Update Rules", an attacker can inject PHP code that will be executed when the configuration file is accessed. |
|---|
| 원천 | ⚠️ https://note-hxlab.wetolink.com/share/87u6f02Gho0K |
|---|
| 사용자 | airrudder (UID 25092) |
|---|
| 제출 | 2025. 12. 05. AM 08:59 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 15. PM 06:02 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336487 [CTCMS Content Management System 까지 2.1.2 Backend System Configuration Ct_Config.php Cj_Add/Cj_Edit 권한 상승] |
|---|
| 포인트들 | 20 |
|---|