Perch CMS Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Perch CMS version 3.2: an authenticated administrator can upload arbitrary PHP files through the assets management interface. Exploitation consists of uploading a malicious .phar file that the server executes as PHP, which gives the attacker arbitrary command execution on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Perch CMS is installed.

Reproduction

To reproduce this vulnerability, log into an admin account and navigate to the assets management interface. Upload a .phar file containing a PHP payload that executes system commands. After the upload, the file can be requested through the admin resources path, and the commands it contains run on the server.
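The root cause is that the asset uploader accepts executable extensions such as .phar. The following is an added defensive example, not Perch's own code: an allowlist-based filename and content check for an upload handler, written against PHP 8 with the standard finfo extension, that rejects any name carrying a PHP-executable extension in any position (so shell.phar.jpg is refused too) and verifies the file's magic bytes rather than trusting the name. Storing uploads in a directory where the web server does not execute PHP remains a necessary second layer.

```php
<?php
declare(strict_types=1);

// Extensions an asset manager legitimately needs; everything else is rejected.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf', 'mp4'];

// Extensions that PHP, or common Apache handler mappings, may execute. A name is
// rejected if one of these appears anywhere after the stem, not only at the end.
const EXECUTABLE_EXTENSIONS = [
    'php', 'phar', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps', 'pht', 'phpt', 'inc',
];

// Expected MIME types for the allowed extensions, as reported by libmagic.
const ALLOWED_MIME = [
    'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'application/pdf', 'video/mp4',
];

function isSafeAssetFilename(string $name): bool
{
    $base = basename($name);                       // drop any path component
    if ($base === '' || strpos($base, "\0") !== false) {
        return false;                              // empty or NUL-byte truncation trick
    }
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2) {
        return false;                              // no extension at all
    }
    array_shift($parts);                           // remove the stem, keep all extensions
    foreach ($parts as $ext) {
        if (in_array($ext, EXECUTABLE_EXTENSIONS, true)) {
            return false;                          // e.g. shell.phar or shell.phar.jpg
        }
    }
    return in_array(end($parts), ALLOWED_EXTENSIONS, true);
}

// $file is one entry of $_FILES; returns true only if name and content both pass.
function validateUpload(array $file): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    if (!isSafeAssetFilename((string) $file['name'])) {
        return false;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return $mime !== false && in_array($mime, ALLOWED_MIME, true);
}
```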

Added: Dec 15, 2025, 9:41 PM
Updated: Dec 15, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.