CVE-2022-29307: IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection · Issue #405 · ionize/ionize
IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
**1. Information**
Exploit Title: IonizeCMS-V1.0.8.1-Unverified post request parameters lead to command injection
Exploit date: 11.04.2022
Exploit Author: [email protected]
Vendor Homepage: https://github.com/ionize/ionize
Affected Version: V1.0.8.1
Description: Code injection in Ionize CMS 1.0.8.1 allows attackers to execute commands remotely via a code injection request from the client.
**2. Vulnerability Description**
The vulnerable code is located in the project's application/models/lang_model.php file.
In the copy_lang_content method, the code is as follows.
The POST parameter "from" is spliced into the function-body argument of create_function without any processing or checking, resulting in a code injection vulnerability.
**3. How to Exploit**
Construct the attack packet to achieve the effect of executing the whoami command.
**4. Suggestion**
Validate the parameters in the POST request to avoid code injection.
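
One way to apply this suggestion, as an added example that is not Ionize's own code: validate the value against an allow-list pattern and pass it to the filter as closure data instead of building PHP source from it. The function names, the row layout and the language-code pattern are assumptions made for the illustration.

```php
<?php
// Added illustration; not code from Ionize. Function names, the row layout
// and the language-code pattern are assumptions made for this example.

// Pattern of the kind the advisory describes (constructed sketch, comment only;
// create_function() was deprecated in PHP 7.2 and removed in PHP 8.0):
//   create_function('$row', 'return $row["lang"] == "' . $_POST['from'] . '";');
// The request value becomes part of PHP source that is then evaluated.

/** Accept only short language codes such as "en" or "pt-br" (assumed format). */
function is_valid_lang_code($code): bool
{
    return is_string($code)
        && preg_match('/\A[a-z]{2,3}(?:[-_][a-z0-9]{2,8})?\z/i', $code) === 1;
}

/**
 * Keep the rows whose "lang" equals $from. The value is captured by the
 * closure as data, so it is never parsed as code.
 */
function filter_rows_by_lang(array $rows, $from): array
{
    if (!is_valid_lang_code($from)) {
        throw new InvalidArgumentException('Invalid language code');
    }
    return array_values(array_filter($rows, function (array $row) use ($from): bool {
        return isset($row['lang']) && $row['lang'] === $from;
    }));
}

// Constructed sample data.
$rows = [
    ['lang' => 'en', 'title' => 'Home'],
    ['lang' => 'fr', 'title' => 'Accueil'],
];

// A well-formed language code is accepted and used as a plain comparison value.
echo count(filter_rows_by_lang($rows, 'en')), " row(s) matched\n";

// A constructed value containing a quote character is rejected before any use.
try {
    filter_rows_by_lang($rows, 'en"x');
    echo "accepted\n";
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The closure removes the injection path on its own; the allow-list check additionally keeps malformed values out of any later query or file operation that uses the same parameter.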