Sanluan PublicCMS Path Traversal Vulnerability in Template Cache Component

Vulnerability

A path traversal vulnerability has been identified in Sanluan PublicCMS version 6.202506.d. The issue arises in the Template Cache Generation component, specifically within the saveMetadata function of TemplateCacheComponent.java. This vulnerability allows remote attackers to manipulate request parameters and traverse the file system, potentially overwriting sensitive files and executing arbitrary code. The vulnerability is publicly known, and an exploit is available.

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to write cache files outside the intended directory. This could overwrite execution scripts, leading to remote code execution.

Reproduction

To reproduce this vulnerability, send a request to the saveMetadata function with a crafted 'q' parameter that includes path traversal sequences. The server will process the request and write the cache file to the specified location, outside the normal cache directory. This can be used to overwrite a default execution script, resulting in remote code execution.
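The containment check that this class of bug calls for, as an added example: it is not PublicCMS source code or the project's fix, and the class, method and parameter names are hypothetical. It assumes the cache file name is derived from a request parameter and must stay under a fixed cache directory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added example, not PublicCMS source. All names here are hypothetical.
public class CacheWriteGuard {

    // Resolve a request-derived name under cacheRoot; reject anything that escapes it.
    static Path resolveInside(Path cacheRoot, String requestName) throws IOException {
        Path root = cacheRoot.toRealPath(); // canonical form, symlinks resolved
        Path candidate;
        try {
            // resolve() returns an absolute argument unchanged, so the check below also rejects it
            candidate = root.resolve(requestName).normalize();
        } catch (InvalidPathException e) { // for example an embedded NUL character
            throw new SecurityException("invalid cache file name");
        }
        if (candidate.equals(root) || !candidate.startsWith(root)) {
            throw new SecurityException("cache path escapes cache directory");
        }
        return candidate;
    }

    static void writeCacheFile(Path cacheRoot, String requestName, String body) throws IOException {
        Path target = resolveInside(cacheRoot, requestName);
        Files.createDirectories(target.getParent());
        // The lexical check does not see symlinks below the root, so compare real paths too.
        if (!target.getParent().toRealPath().startsWith(cacheRoot.toRealPath())) {
            throw new SecurityException("cache path escapes cache directory via symlink");
        }
        Files.write(target, body.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws IOException {
        Path cacheRoot = Files.createTempDirectory("cache-root");
        // Constructed sample values standing in for the request-derived name.
        String[] samples = { "site1/index.html.data", "../outside.txt", "a/../../outside.txt",
                cacheRoot.getParent().resolve("outside.txt").toString() };
        for (String name : samples) {
            try {
                writeCacheFile(cacheRoot, name, "cached metadata");
                System.out.println("written : " + name);
            } catch (SecurityException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Path.startsWith compares whole path elements, so a sibling directory whose name merely begins with the cache directory's name does not pass the check, which a plain string prefix comparison would allow.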

Added: Feb 27, 2026, 5:20 AM
Updated: Feb 27, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.0
remediation: 0.0
relevance: 3.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.