Halo CMS Denial-of-Service Vulnerability via Malformed Comment Payload
Vulnerability
A denial-of-service vulnerability has been identified in Halo CMS versions through 2.22.4. This issue allows remote attackers to disrupt the admin comment management interface by submitting malformed comments through the public comment submission endpoint. The absence of required fields in the comment payload, such as the 'version' field, triggers an unhandled exception when the comments are processed, leading to a persistent HTTP 500 error on the comments management page. Recovery from this issue may require manual deletion of the offending comments from the database or through the Halo API.
Impact
Exploitation of this vulnerability causes the admin comment management page to return an HTTP 500 Internal Server Error, disrupting access to comment management until the problematic comment is deleted or the issue is otherwise resolved.
Reproduction
To reproduce this vulnerability, deploy a vulnerable version of Halo CMS (2.22.4 or earlier) and ensure that the comment system is configured to allow comments from all users. Then, submit a comment payload that omits the necessary 'version' field. Once the comment is submitted, the admin comment page will return an HTTP 500 error, indicating that the vulnerability has been successfully exploited.
Remediation
Users can delete the malformed comments causing the issue using the Halo 'Data Studio' plugin, available in the Halo app store.
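The failure mode and the cleanup step described above, as an added Python sketch (not Halo's code and not part of the original advisory): a listing that aborts on one malformed record, beside a version that skips and reports it so the offending comments can be identified for deletion. The record layout, field names other than 'version', and all function names are assumptions; the sample records are constructed.

```python
# Added illustration. Record layout and names are assumptions, not Halo's schema.
REQUIRED_FIELDS = ("version",)  # the advisory names 'version'; others are unknown

# Constructed sample records standing in for stored comments.
SAMPLE_COMMENTS = [
    {"name": "comment-a", "version": 3, "content": "Nice post"},
    {"name": "comment-b", "content": "stored without a version"},  # malformed
    {"name": "comment-c", "version": 1, "content": "Thanks"},
]


def missing_fields(record):
    """Return the required fields that are absent or null in a record."""
    return [f for f in REQUIRED_FIELDS if record.get(f) is None]


def render_row(comment):
    """Build one admin-list row; raises KeyError if 'version' is absent."""
    return f'{comment["name"]} (v{comment["version"]}): {comment["content"]}'


def list_comments_fragile(comments):
    """Failure mode: one bad record aborts the whole listing (the HTTP 500)."""
    return [render_row(c) for c in comments]


def list_comments_hardened(comments):
    """Render valid rows; quarantine malformed records instead of failing."""
    rows, quarantined = [], []
    for c in comments:
        missing = missing_fields(c)
        if missing:
            # Keep the identifier so an operator can delete the record later.
            quarantined.append((c.get("name", "<unnamed>"), missing))
            continue
        rows.append(render_row(c))
    return rows, quarantined


def validate_submission(payload):
    """Input-side check: raise before a malformed payload is ever stored."""
    missing = missing_fields(payload)
    if missing:
        raise ValueError(f"missing required fields: {', '.join(missing)}")
    return payload


if __name__ == "__main__":
    rows, bad = list_comments_hardened(SAMPLE_COMMENTS)
    print("rendered:", rows)
    print("to delete:", bad)
```
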
