Shenzhen Dashi Tongzhou Information Technology AgileBPM FreeMarker Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

A critical vulnerability has been identified in Shenzhen Dashi Tongzhou Information Technology AgileBPM versions up to and including 2.5.0. The issue resides in the 'parseStrByFreeMarker' function in 'SysToolsController.java', where manipulation of the 'str' argument leads to unsafe deserialization. Because the supplied string is evaluated as FreeMarker code, a remote attacker can execute arbitrary FreeMarker code, potentially gaining full control of the affected server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, with the executed code running in the context of the application.
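The pattern behind this class of issue, and the shape of a fix, as an added Java illustration (this is not AgileBPM's code; the FreeMarker version constant, template directory and template names are assumptions). The weak method treats caller input as the template itself; the safer one loads templates only by allow-listed name, passes caller input purely as model data, and disables the FreeMarker built-ins that reach arbitrary Java classes as defence in depth.

```java
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateClassResolver;
import freemarker.template.TemplateException;

import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;
import java.util.Set;

/** Illustrative example only; not taken from AgileBPM. */
public class TemplateRenderingExample {

    // Weak pattern: the caller-controlled string becomes the template, so every
    // directive and built-in written into it is executed by the template engine.
    static String renderUntrustedTemplate(String str, Map<String, Object> model)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31); // assumed version
        Template t = new Template("inline", new StringReader(str), cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    // Safer pattern: only packaged templates chosen from an allow-list are rendered.
    static final Set<String> ALLOWED_TEMPLATES = Set.of("notice.ftl", "report.ftl"); // assumed names

    static Configuration hardenedConfiguration(File templateDir) throws IOException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setDirectoryForTemplateLoading(templateDir);
        // Refuse every "...?new()" class instantiation attempted from inside a template.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        // Keep the "?api" built-in off; it would expose raw Java objects to templates.
        cfg.setAPIBuiltinEnabled(false);
        return cfg;
    }

    // Caller input only ever enters through 'model', never through the template text.
    static String renderNamedTemplate(Configuration cfg, String name, Map<String, Object> model)
            throws IOException, TemplateException {
        if (!ALLOWED_TEMPLATES.contains(name)) {
            throw new IllegalArgumentException("unknown template: " + name);
        }
        StringWriter out = new StringWriter();
        cfg.getTemplate(name).process(model, out);
        return out.toString();
    }
}
```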

Reproduction

To reproduce this vulnerability, deploy the AgileBPM application version 2.5.0 or earlier. After logging in with default credentials, send a POST request to the '/api/ab-bpm/sys/tools/parseStrByFreeMarker' endpoint. Include a payload in the 'str' parameter that exploits the deserialization vulnerability by executing arbitrary commands on the server.

Added: Jun 5, 2025, 9:58 PM
Updated: Jun 5, 2025, 9:58 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact         10.0
exploitability  6.6
remediation     0.0
relevance       0.1
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.