PublicCMS Command Injection Vulnerability Allowing Arbitrary Command Execution
Vulnerability
A command injection vulnerability has been identified in PublicCMS versions V5.202506.a and V5.202506.b. This vulnerability allows attackers to execute arbitrary commands by injecting crafted values into the DATABASE, USERNAME, or PASSWORD variables, which are then passed to the backupDB.bat file without proper validation or sanitization.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server where PublicCMS is running.
Reproduction
To reproduce this vulnerability, create a database with a password containing a command separator, such as '|calc'. After setting up the database, install PublicCMS and log into the backend. Navigate to the 'Execute Script' interface and select the backupDB.bat file. The vulnerability can also be triggered by directly modifying the database.properties file to include a malicious username or password.
Remediation
Developers should implement validation to restrict the use of command separators in database names, usernames, and passwords.
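One way to implement the validation recommended above, shown as an added example that is not PublicCMS code. The class and method names, the identifier allowlist, and the length limits are assumptions chosen for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example, not PublicCMS code. Class and method names are hypothetical.
public class ScriptParamValidator {
    // Database names and usernames: strict allowlist (assumed policy).
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z0-9_]{1,64}");
    // Passwords need a wider alphabet, so reject only characters that cmd.exe or a
    // POSIX shell treats as separators, redirection, expansion, quoting or escapes,
    // plus whitespace and control characters.
    private static final Pattern UNSAFE = Pattern.compile("[&|<>^%!\"'`$;()\\\\\\s\\p{Cntrl}]");

    static boolean isSafe(String name, String value) {
        if (value == null || value.isEmpty() || value.length() > 128) {
            return false;
        }
        if ("PASSWORD".equals(name)) {
            return !UNSAFE.matcher(value).find();
        }
        return IDENTIFIER.matcher(value).matches();
    }

    // Call before the values are handed to the script; fail closed.
    static void requireSafe(Map<String, String> params) {
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (!isSafe(e.getKey(), e.getValue())) {
                // Name the variable but never echo the rejected value into logs.
                throw new IllegalArgumentException("Unsafe value for " + e.getKey());
            }
        }
    }

    public static void main(String[] args) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("DATABASE", "publiccms");      // constructed sample values
        params.put("USERNAME", "cms_user");
        params.put("PASSWORD", "Corr3ct-Horse.Battery");
        requireSafe(params);
        System.out.println("clean values accepted");

        params.put("PASSWORD", "secret|calc");    // separator from the reproduction step
        try {
            requireSafe(params);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The check belongs at the point where the values are read for the script, so that it covers both values entered at installation and values edited directly in database.properties.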
