Kohana KodiCMS Code Injection Vulnerability in Layout API Endpoint
Vulnerability
A code injection vulnerability has been identified in Kohana KodiCMS versions through 13.82.135. The issue arises in the Layout API Endpoint, specifically within the Save function of the file cms/modules/kodicms/classes/kodicms/model/file.php. The vulnerability allows for arbitrary PHP code execution by manipulating the content parameter, which is then written to PHP files without proper sanitization. This flaw can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary PHP code execution on the server, with the injected code being executed in the context of the web server user.
Reproduction
To reproduce this vulnerability, send a PUT request to the Layout API endpoint with a crafted payload containing malicious PHP code in the content parameter. Authentication requires the API key, which can be obtained through database access, admin panel access, or configuration files. Once the payload is injected, the webshell can be accessed via the publicly accessible layouts directory.
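The sequence described above (an authenticated PUT to the Layout API, then a direct request for a PHP file in the layouts directory) leaves a recognisable pattern in web server access logs. The following detection sketch is an added example, not code from KodiCMS or from the advisory; the two URL patterns and the sample log lines are assumptions constructed for illustration and must be adjusted to the actual deployment.

```python
import re
from datetime import datetime, timedelta

# Assumed URL shapes: the advisory names neither path. Adjust to the deployment.
LAYOUT_API = re.compile(r"^/api[-/]layout", re.I)         # hypothetical Layout API route
LAYOUT_FILE = re.compile(r"/layouts/[^?\s]+\.php", re.I)  # hypothetical public layouts dir
LINE = re.compile(                                        # combined log format prefix
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
WINDOW = timedelta(minutes=30)

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable lines."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])

def find_write_then_fetch(lines):
    """Return (ip, put_path, get_path) tuples where a successful layout PUT is
    followed within WINDOW by a direct GET of a .php file under layouts."""
    writes = {}  # ip -> (timestamp, path) of that client's last successful layout PUT
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method == "PUT" and LAYOUT_API.search(path) and status < 400:
            writes[ip] = (ts, path)
        elif method == "GET" and LAYOUT_FILE.search(path) and ip in writes:
            wts, wpath = writes[ip]
            if timedelta(0) <= ts - wts <= WINDOW:
                hits.append((ip, wpath, path))
    return hits

# Constructed sample log lines, not taken from a real host.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2025:10:00:01 +0000] "PUT /api-layout HTTP/1.1" 200 57 "-" "-"',
    '203.0.113.7 - - [12/Mar/2025:10:00:09 +0000] "GET /layouts/normal.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [12/Mar/2025:10:01:00 +0000] "GET /layouts/normal.php HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.9 - - [12/Mar/2025:10:02:00 +0000] "PUT /api-layout HTTP/1.1" 401 0 "-" "-"',
    '198.51.100.9 - - [12/Mar/2025:10:02:05 +0000] "GET /layouts/normal.php HTTP/1.1" 200 12 "-" "-"',
]
```

Correlating on client address misses a fetch made from a different address, so any direct request for a PHP file under the layouts directory is worth reviewing on its own.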
