PT-2022-17275 · Unknown · Maxsite Cms
Fuzzyap1 · Published 2022-02-28 · Updated 2022-03-08
CVE-2022-25411
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Maxsite CMS version v180
Description
A Remote Code Execution (RCE) issue exists at the "/admin/options" API endpoint, allowing attackers to execute arbitrary code via a crafted PHP file.
Recommendations
For Maxsite CMS version v180, consider disabling access to the "/admin/options" API endpoint until a patch is available. Restrict the ability to upload or execute PHP files to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Maxsite Cms