Litepubl CMS Remote Code Execution Vulnerability in Admin Service Run

A remote code execution vulnerability has been identified in Litepubl CMS versions through 7.0.9. The issue arises in the admin/service/run endpoint, where authenticated users can execute PHP scripts. Although the vulnerability is mitigated by certain PHP configuration settings that disable specific functions, there are known bypass methods available.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary commands on the server, potentially leading to a full compromise of the web application or server.

Reproduction

To reproduce this vulnerability, log into Litepubl CMS version 7.0.9 and navigate to the admin/service/run page. Once there, PHP scripts can be executed directly. After executing a script, the AntSword tool can be used to bypass the disabled functions restriction by sending a crafted request that includes the necessary cookies for authentication. This allows for the execution of system commands, effectively achieving remote code execution on the server.