| Title | code-projects Chamber of Commerce Membership Management System 1.0 Command Injection |
|---|
| Description | A critical Remote Code Execution (RCE) vulnerability has been identified in CMMS (Chamber of Commerce Membership Management Software). This vulnerability resides in the mail queue functionality within the admin/pageMail.php and admin/pageSender.php files. When an administrator sends an email, the application writes the user-supplied mail subject and message body directly into a dynamically generated PHP file using fwrite(), which is subsequently included and executed by pageSender.php via include(). Due to insufficient input sanitization of the $mailSubject and $mailMessage parameters before writing them into the PHP file, an attacker with administrator privileges can inject arbitrary PHP code through the mail message field. Successful exploitation allows the attacker to execute arbitrary system commands, read or modify any file on the server, and completely compromise the underlying system. Although this vulnerability requires administrator-level authentication, it poses a significant security risk in scenarios involving compromised admin credentials, insider threats, or CSRF chaining (as the mail form lacks CSRF protection). Immediate remediation is recommended by replacing the PHP file-based mail queue mechanism with a non-executable data format such as JSON or a database-backed queue. |
|---|
| Source | https://gist.github.com/y7y7y77/dd6df2db50fd0146b72fc4e0766a4ffd |
|---|
| User | y7_0x (UID 96237) |
|---|
| Submitted | 2026-03-12 19:03 (17 days ago) |
|---|
| Moderated | 2026-03-27 17:27 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 353964 [code-projects Chamber of Commerce Membership Management System 1.0 admin/pageMail.php fwrite mailSubject/mailMessage privilege escalation] |
|---|
| Points | 20 |
|---|
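
The remediation recommended in the description, sketched as an added example (not code from the application or from the reporter): queued mail is stored as JSON and read back with json_decode(), so the subject and body are never written into a file that is later passed to include(). The function names, the queue directory and the sample mail are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical JSON-backed mail queue. Function names and the
// queue directory are assumptions, not taken from the application.
const QUEUE_DIR = __DIR__ . '/mail_queue'; // in production, keep this outside the web root

// Store one queued mail as inert JSON data instead of generated PHP.
function enqueueMail(string $to, string $subject, string $message): string
{
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid recipient');
    }
    // Reject CR/LF so the subject cannot add extra mail headers.
    if (preg_match('/[\r\n]/', $subject) === 1) {
        throw new InvalidArgumentException('invalid subject');
    }
    if (!is_dir(QUEUE_DIR) && !mkdir(QUEUE_DIR, 0700, true)) {
        throw new RuntimeException('cannot create queue directory');
    }
    // Server-generated file name: no user input reaches the path.
    $path = QUEUE_DIR . '/' . bin2hex(random_bytes(16)) . '.json';
    $json = json_encode(['to' => $to, 'subject' => $subject, 'message' => $message], JSON_THROW_ON_ERROR);
    if (file_put_contents($path, $json, LOCK_EX) === false) {
        throw new RuntimeException('cannot write queue file');
    }
    return $path;
}

// Read a queued mail back. json_decode() only parses data; nothing is executed.
function loadQueuedMail(string $path): array
{
    $raw = file_get_contents($path);
    if ($raw === false) {
        throw new RuntimeException('cannot read queue file');
    }
    $mail = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    foreach (['to', 'subject', 'message'] as $key) {
        if (!is_string($mail[$key] ?? null)) {
            throw new UnexpectedValueException("malformed queue entry: $key");
        }
    }
    return $mail;
}

// Constructed sample input: PHP tags in the body come back as plain text.
$path = enqueueMail('member@example.org', 'Renewal notice', '<?php echo "x"; ?> Dues are due.');
$mail = loadQueuedMail($path);
var_dump($mail['message'] === '<?php echo "x"; ?> Dues are due.');
unlink($path);
```

The sender side would pass the decoded fields to the mail routine as data; a CSRF token on the mail form, which the description notes is missing, is a separate fix.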