Closed secflag closed 8 months ago
Thanks for reporting. The vulnerability is only accessable if a malicious user has a) backend access and b) is allowed to install languages. Fixing the issue would mean to apply conceptional changes to the whloe language management; so actually it is in the responsibility of the site administrator to grant access only to trustworthy users and only the areas they really need (e.g. editing contents but not installing modules, languages etc.). Nevertheless we will take this into consideration for a later version.
Vulnerability description
There is a command execution vulnerability in the background of WBCE CMS V1.5.3. Vulnerability URL /admin/languages/install.php Install Language module parameter filtering is not strict, there is a command execution vulnerability
Vulnerability analysis
In the receiving method on line 47 of the file /admin/languages/install.php, the system first saves the data submitted by the client to a temporary file, and then executes the relevant code to trigger the command execution vulnerability.
Vulnerability verification process