| tiêu đề | Pagekit CMS framework <= 1.0.18 Remote Code Execution |
|---|
| Mô tả | A critical Remote Code Execution (RCE) vulnerability exists in the Pagekit CMS framework (versions <= 1.0.18) within the Pagekit\View\PhpEngine class. The flaw resides in the evaluate() method at line 54 of app/modules/view/src/PhpEngine.php, which uses PHP's eval() function to execute StringStorage template content without any input validation, sanitization, or origin verification. Specifically, the code passes the template string directly to eval() as follows: eval('; ?>'.$this->template.'<?php ;'). An attacker who can control the content of a template string processed by this engine, whether through user-supplied input, database-stored templates, or any untrusted data flow reaching the renderer, can inject and execute arbitrary PHP code and operating system commands with the privileges of the web server process. This enables full server compromise, including arbitrary file read and write, command execution, reverse shell establishment, and lateral movement. The vulnerability is classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code) and CWE-78 (OS Command Injection), with a CVSS v3.1 base score of 9.8 (Critical) due to its trivial exploitability, potential for unauthenticated exploitation, and complete impact on confidentiality, integrity, and availability. |
|---|
| Nguồn | ⚠️ https://medium.com/@pkhuyar/the-danger-of-php-eval-a23410187ca2 |
|---|
| Người dùng | s4nnty (UID 95917) |
|---|
| Đệ trình | 01/04/2026 03:02 (cách đây 20 ngày) |
|---|
| Kiểm duyệt | 20/04/2026 07:58 (19 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 358286 [Pagekit CMS đến 1.0.18 StringStorage Template PhpEngine.php evaluate nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|