| 제목 | CMSMadeSimple CMS Made Simple (CMSMS) 2.2.22 and old versions modules/UserGuide/lib/class.UserGuideImporterExporter.php |
|---|
| 설명 | CMS Made Simple (CMSMS) version 2.2.22 and earlier contains a path traversal vulnerability in the UserGuide module's XML import functionality. The _copyFilesToFolder() function in modules/UserGuide/lib/class.UserGuideImporterExporter.php fails to properly sanitize user-supplied filenames and directory paths from imported XML files. An authenticated administrator can exploit this vulnerability by uploading a specially crafted XML file containing path traversal sequences (../) and base64-encoded malicious code, allowing arbitrary file uploads to any location on the server file system. This can lead to remote code execution, complete server compromise, data theft, and denial of service. The vulnerability affects the default installation with no additional configuration required.
CVSS v3.1 Base Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-22: Improper Limitation of a Pathname to a Restricted Directory
CWE-434: Unrestricted Upload of File with Dangerous Type |
|---|
| 원천 | ⚠️ https://drive.proton.me/urls/Q0JHZ339BW#X9P2G3Guwvwa |
|---|
| 사용자 | caginkyr (UID 96143) |
|---|
| 제출 | 2026. 03. 05. PM 01:03 (30 날 ago) |
|---|
| 모더레이션 | 2026. 03. 31. AM 10:40 (26 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354331 [CMS Made Simple 까지 2.2.22 UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|