Westboy CicadasCMS Template Management Deserialization Vulnerability Allowing Remote Code Execution
Vulnerability
A deserialization vulnerability has been identified in Westboy CicadasCMS version 1.0, specifically within the Template Management component. The issue arises from unspecified processing of the file '/system' and can be exploited remotely. The vulnerability has been publicly disclosed and could be actively exploited.
Impact
Exploitation of this vulnerability leads to unauthorized remote code execution on the server.
Reproduction
To reproduce this vulnerability, access the application and navigate to 'System Management', then 'Template Management'. Select a template, such as 'index.html', and input a crafted payload that exploits the deserialization flaw. When the payload is executed, it triggers command execution, such as launching the calculator application, which demonstrates successful exploitation of the vulnerability.
