Mirweiye Wenkucms OS Command Injection Vulnerability in Common.php
Vulnerability
A critical OS command injection vulnerability has been identified in Mirweiye Wenkucms versions up to 3.4. The issue resides in the 'createPathOne' function within 'app/common/common.php', where the '$path' parameter is not properly validated before being passed to the system function for command execution. This vulnerability can be exploited remotely by users with administrator accounts.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server.
Reproduction
To reproduce this vulnerability, log into the Wenkucms application as an administrator. Once logged in, navigate to the settings where the 'wkcms_attach_path' parameter can be modified. Change this parameter to include a malicious payload that, when executed, could open a reverse shell. After setting the payload, trigger the 'get_avatar_file' method by accessing the image cropping function in the user personal center. This will invoke the 'createPathOne' function with the crafted path, leading to command execution on the server.
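The flow above (an admin-editable path setting reaching a shell command) can be closed by validating the path and creating the directory without a shell. The following is an added example, not Wenkucms source code: the function names, the base directory and the sample inputs are hypothetical or constructed, and the unsafe function only sketches the assumed shape of the pattern the advisory describes.

```php
<?php
// Added illustration; all names are hypothetical, not taken from Wenkucms.
// Assumed shape of the risky pattern: a configured path concatenated into a shell command.
function create_path_unsafe(string $path): void
{
    system('mkdir -p ' . $path); // the shell interprets metacharacters found in $path
}

// Hardened form: allow-list the path, then create it with mkdir(), which uses no shell.
function create_path_safe(string $baseDir, string $relPath): string
{
    // Only letters, digits, '_', '-' and '.' in '/'-separated segments.
    if (!preg_match('#^[A-Za-z0-9_.-]+(/[A-Za-z0-9_.-]+)*/?$#', $relPath)) {
        throw new InvalidArgumentException('disallowed characters in attach path');
    }
    foreach (explode('/', trim($relPath, '/')) as $segment) {
        if ($segment === '.' || $segment === '..') {
            throw new InvalidArgumentException('traversal segment in attach path');
        }
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory does not exist');
    }
    $target = $base . '/' . trim($relPath, '/');
    // Recursive mkdir replaces "mkdir -p"; the second is_dir() covers a creation race.
    if (!is_dir($target) && !mkdir($target, 0750, true) && !is_dir($target)) {
        throw new RuntimeException('could not create directory');
    }
    // Resolve symlinks and confirm the result is still inside the base directory.
    $real = realpath($target);
    if ($real === false || strncmp($real, $base . '/', strlen($base) + 1) !== 0) {
        throw new RuntimeException('resolved path escapes base directory');
    }
    return $real;
}

// Constructed sample values for the setting; only the first one is accepted.
$demoBase = sys_get_temp_dir() . '/wk_demo_' . getmypid();
is_dir($demoBase) || mkdir($demoBase, 0750, true);
foreach (['data/upload/avatar', 'data/upload;x', '../outside', 'data/$(x)'] as $candidate) {
    try {
        echo "OK   $candidate -> " . create_path_safe($demoBase, $candidate) . "\n";
    } catch (Exception $e) {
        echo "DENY $candidate (" . $e->getMessage() . ")\n";
    }
}
```

Running the same check when the setting is saved, and again when the path is used, keeps a bad value from being stored and from being acted on later.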
