CTCMS Content Management System Server-Side Template Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A server-side template injection vulnerability has been identified in CTCMS Content Management System versions prior to 2.1.2. The flaw is in the Frontend/Template Management Module, specifically in the library '/ctcms/apps/libraries/CT_Parser.php', which does not sanitize template syntax before the template is processed. PHP embedded in a template is therefore executed when the template is rendered, and an authenticated administrator, who can edit templates through the backend, can use this to run arbitrary code on the server.

Impact

Exploitation of this vulnerability allows remote code execution on the server where CTCMS is hosted. Because the injected PHP is executed by the template parser, it runs with the privileges of the web server's PHP process, so a compromised or malicious administrator account is not confined to the CMS but becomes a foothold on the underlying host. Exploitation requires authenticated administrator access to the backend.

Reproduction

To reproduce this vulnerability, log in as an administrator, open the backend template management section, and select a template file to edit. In the editor, insert template syntax that carries PHP code, for example a call to 'eval()', and save the template. Then request a frontend page that uses the modified template: the injected code is executed when the template is rendered, and a payload that echoes a value confirms execution in the returned page.
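The following is an added illustration of the vulnerability class, not code from CTCMS or its CT_Parser.php. It models a minimal template parser that rewrites template tags to PHP source and runs the result through eval(), beside a hardened version that interprets a whitelisted tag set without ever evaluating template text as code. The tag syntax ({$name}, {php}...{/php}), the function names and the sample template are assumptions made for the demonstration.

```php
<?php
// Added illustration of the SSTI class described in this advisory. This is
// NOT CTCMS's CT_Parser.php: the tag syntax ({$name}, {php}...{/php}), the
// function names and the sample template are assumptions for the demo.
declare(strict_types=1);

// Vulnerable pattern: template syntax is rewritten to PHP source and handed to
// eval(). Whoever can edit a template (here: a backend administrator) can run
// arbitrary PHP on the server when the template is rendered.
function render_vulnerable(string $template, array $vars): string
{
    // {$name} becomes a PHP echo of $vars['name']
    $php = preg_replace('/\{\$(\w+)\}/', '<?php echo $vars[\'$1\']; ?>', $template);
    // {php}...{/php} becomes raw PHP, passed straight through: the injection point
    $php = preg_replace('/\{php\}(.*?)\{\/php\}/s', '<?php $1 ?>', $php);

    ob_start();
    // The leading close tag puts eval() into HTML mode, so the template's own
    // PHP open/close tags are honoured. $vars is visible inside eval().
    eval('?>' . $php);
    return ob_get_clean();
}

// Hardened pattern: never evaluate template text. Only {$identifier} is
// interpreted, values are HTML-escaped, and any attempt to smuggle PHP in
// (a {php} block or a literal <? tag) is rejected before rendering.
function render_hardened(string $template, array $vars): string
{
    if (preg_match('/<\?|\{php\}/i', $template) === 1) {
        throw new InvalidArgumentException('template contains disallowed PHP syntax');
    }
    return preg_replace_callback(
        '/\{\$(\w+)\}/',
        static function (array $m) use ($vars): string {
            $value = $vars[$m[1]] ?? '';
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        },
        $template
    );
}

// Constructed sample data and a constructed malicious template of the kind an
// administrator could save through the template editor.
$vars = ['title' => 'Hello <b>world</b>'];
$evil = 'Page: {$title} {php} echo php_uname(); {/php}';

// Vulnerable parser: php_uname() executes on the server and its result is
// embedded in the rendered page.
echo render_vulnerable($evil, $vars), PHP_EOL;

// Hardened parser: the same template is refused before anything is rendered.
try {
    echo render_hardened($evil, $vars), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Hardened parser on a benign template: the title is HTML-escaped, so the
// <b> tag is rendered literally instead of as markup.
echo render_hardened('Page: {$title}', $vars), PHP_EOL;
```

Save the block as ssti_demo.php and run it with `php ssti_demo.php`. Note that the vulnerable parser is exploitable even without the {php} tag: because the compiled template is evaluated in HTML mode, a literal `<?php ... ?>` typed into the template text runs as well. That is why the hardened version rejects `<?` outright rather than only dropping the {php} feature, and why the durable fix is to interpret a small set of tags with a callback instead of compiling template text to PHP and calling eval() on it.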

Added: Dec 16, 2025, 12:28 AM
Updated: Dec 16, 2025, 12:28 AM

Vulnerability Rating

Custom Algorithm
  spread           0.0
  impact           7.5
  exploitability   5.8
  remediation      0.0
  relevance        1.5
  threat           6.4
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.