08CMS Novel System Code Injection Vulnerability in Template Handler

Vulnerability

A code injection vulnerability has been identified in 08CMS Novel System versions through 3.4. The issue arises in the Template Handler component, specifically within the file admina/mtpls.inc.php. This vulnerability allows remote attackers to inject malicious code, which could be executed on the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server.

Reproduction

To reproduce this vulnerability, first upload a PHP file template through the admin interface. Once the template is uploaded, navigate to the editing section of the template. Inject malicious code into the template file and save the changes. Afterward, access the uploaded template file through the web server, which will execute the injected PHP code. This can be verified by calling a function such as phpinfo() through the backdoor created by the injected code.
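
The reproduction above leaves a template file on disk that the web server will run as PHP, so a defender can look for that artifact directly. The following is an added example, not code from 08CMS or from the original advisory: it walks a template directory and reports files that carry a PHP-executable extension or contain a PHP open tag. The extension set, the function names and the sample files are assumptions made for illustration; point scan_templates at the template directory of your own installation.

```python
import re
import tempfile
from pathlib import Path

# Extensions a PHP-enabled web server may hand to the interpreter (assumed set).
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".pht"}
# PHP open tags: "<?php", "<?=" and the short tag "<? "; "<?xml" is deliberately not matched.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def scan_templates(root):
    """Return (relative_path, reason) findings for files under root, in path order."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        # Check every dotted component so names like "tpl.php.html" are caught too.
        if {s.lower() for s in path.suffixes} & EXECUTABLE_SUFFIXES:
            findings.append((rel, "executable-extension"))
        try:
            data = path.read_bytes()
        except OSError:
            findings.append((rel, "unreadable"))
            continue
        if PHP_OPEN_TAG.search(data):
            findings.append((rel, "php-open-tag"))
    return findings


def build_sample_tree(root):
    """Write constructed sample files standing in for a template directory."""
    tpl = Path(root) / "default"
    tpl.mkdir()
    (tpl / "index.html").write_text("<html><body>{title}</body></html>")
    (tpl / "feed.xml").write_text('<?xml version="1.0"?><rss/>')
    (tpl / "list.html").write_text("<div><?php phpinfo(); ?></div>")
    (tpl / "tpl.php").write_text("<p>static markup only</p>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_templates(tmp):
            print(f"{reason:22} {rel}")
```

A finding is a lead for review rather than proof of compromise; compare flagged files against a known-good copy of the templates before acting on them.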

Added: Dec 30, 2025, 6:24 PM
Updated: Dec 30, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.1
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.