PbootCMS
cpe:2.3:a:pbootcms:pbootcms:*:*:*:*:*:*:*
- 3.2.12
A code injection vulnerability allowing remote code execution has been identified in PbootCMS version 3.2.11. The issue arises in the site configuration functionality, specifically within the 'Footer Information' field, where untrusted input is not properly sanitized before being processed and displayed on frontend pages. This vulnerability allows an authenticated administrator to inject malicious PHP code, which is then executed on the server, potentially leading to a full system compromise.
Exploitation of this vulnerability allows authenticated remote code execution on the server, with the executed code running in the context of the web server process. This could lead to a complete compromise of the hosting environment, including unauthorized access to backend databases and sensitive files, as well as the potential for lateral movement and privilege escalation.
To reproduce this vulnerability, an authenticated administrator must navigate to the site configuration page in the PbootCMS backend. Once there, the administrator can inject a PHP payload into the 'Footer Information' field. After saving the configuration, the template cache should be cleared to ensure the injected code is executed. Finally, visiting any frontend page that includes the '{pboot:sitecopyright}' template tag will trigger the execution of the injected PHP code.
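A defensive check for the field described above, as an added example that is not PbootCMS code: it scans stored site settings for PHP open tags and encodes any it finds so they render as text instead of being parsed. The setting names, the sample values and the idea of exporting settings into a dict are assumptions made for illustration.

```python
import re

# PHP open tags that start code when a value lands in a PHP-parsed file:
# "<?php", "<?=" and the short tag "<?" (the "<?xml" prolog is excluded).
PHP_OPEN = re.compile(r"<\?(?:php\b|=|(?!xml\b))", re.IGNORECASE)

# Constructed sample data; the key names are hypothetical, not PbootCMS's schema.
CLEAN_SETTINGS = {
    "site_title": "Example Co.",
    "footer_information": 'Copyright 2024 <a href="/about">Example Co.</a>',
}
TAMPERED_SETTINGS = {
    "site_title": "Example Co.",
    "footer_information": "Copyright 2024 <?php /* marker */ ?>",
}


def find_php_tags(settings):
    """Return (field, offset, snippet) for every PHP open tag in the values."""
    findings = []
    for field, value in settings.items():
        for m in PHP_OPEN.finditer(value or ""):
            snippet = value[m.start():m.start() + 24]
            findings.append((field, m.start(), snippet))
    return findings


def neutralize(value):
    """Encode the '<' of each PHP open tag so it is displayed, not executed."""
    return PHP_OPEN.sub(lambda m: "&lt;" + m.group(0)[1:], value)


def audit_and_fix(settings):
    """Return (findings, cleaned copy) without modifying the input dict."""
    findings = find_php_tags(settings)
    flagged = {field for field, _, _ in findings}
    cleaned = {
        k: neutralize(v) if k in flagged else v for k, v in settings.items()
    }
    return findings, cleaned


if __name__ == "__main__":
    for name, snapshot in (("clean", CLEAN_SETTINGS), ("tampered", TAMPERED_SETTINGS)):
        hits, _ = audit_and_fix(snapshot)
        print(name, hits)
```

Ordinary HTML in the footer, such as links, passes unchanged; only PHP open tags are flagged and encoded.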