OpenCC JFlow Remote Code Execution Vulnerability in WF_CCForm Calculate Method
Vulnerability
A remote code execution vulnerability exists in OpenCC JFlow versions prior to commit 5badc00db382d7cb82dad231e6a866b18e0addfe. The issue is in the Calculate() method of WF_CCForm.java, which does not properly validate user-supplied formulas. This flaw allows attackers to inject operating system command separators into the calculation interface, leading to the execution of arbitrary commands on the server with high privileges.
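One way to remove this class of flaw is to parse formulas with a strict arithmetic grammar instead of validating them after the fact. The sketch below is an added example, not JFlow's code or its actual fix; the class name SafeFormula and the assumption that formulas only need numbers, + - * / and parentheses are hypothetical.

```java
import java.math.BigDecimal;
import java.math.MathContext;
// Hypothetical class (not JFlow code): allowlists characters, then parses arithmetic only; no script engine or shell.
public final class SafeFormula {
    private final String src;
    private int pos;
    private SafeFormula(String src) { this.src = src; }
    public static BigDecimal evaluate(String formula) {
        if (formula == null || formula.length() > 256 || !formula.matches("[0-9.+\\-*/() ]+"))
            throw new IllegalArgumentException("disallowed characters in formula");
        SafeFormula p = new SafeFormula(formula.replace(" ", ""));
        BigDecimal v = p.expr();
        if (p.pos != p.src.length()) throw new IllegalArgumentException("unexpected input at " + p.pos);
        return v;
    }
    private boolean at(String chars) { return pos < src.length() && chars.indexOf(src.charAt(pos)) >= 0; }
    private BigDecimal expr() {                 // expr := term (('+'|'-') term)*
        BigDecimal v = term();
        while (at("+-")) v = src.charAt(pos++) == '+' ? v.add(term()) : v.subtract(term());
        return v;
    }
    private BigDecimal term() {                 // term := factor (('*'|'/') factor)*
        BigDecimal v = factor();
        while (at("*/")) {
            char op = src.charAt(pos++);
            BigDecimal r = factor();
            if (op == '/' && r.signum() == 0) throw new IllegalArgumentException("division by zero");
            v = op == '*' ? v.multiply(r) : v.divide(r, MathContext.DECIMAL64);
        }
        return v;
    }
    private BigDecimal factor() {               // factor := '-' factor | '(' expr ')' | number
        if (at("-")) { pos++; return factor().negate(); }
        if (at("(")) {
            pos++;
            BigDecimal v = expr();
            if (!at(")")) throw new IllegalArgumentException("missing ')'");
            pos++;
            return v;
        }
        int start = pos;
        while (at("0123456789.")) pos++;
        // NumberFormatException is an IllegalArgumentException: thrown for "", "." or "1.2.3"
        return new BigDecimal(src.substring(start, pos));
    }
    public static void main(String[] args) {
        System.out.println(evaluate("(12.5 + 7.5) * 3 / 2"));
        try { evaluate("2*3; x"); }             // constructed input containing a command separator
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Every failure path raises IllegalArgumentException, so a caller can treat any exception from evaluate() as a rejected formula and log the request.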
Impact
Exploitation of this vulnerability allows for remote code execution on the server, with the executed commands running under the highest privileges.
Reproduction
To reproduce this vulnerability, send a POST request to the 'WF/Comm/ProcessRequest' endpoint with 'DoType' set to 'HttpHandler' and 'DoMethod' set to 'dtlImp_Save'. Include a JSON payload that triggers the 'Calculate' method in the 'WF_CCForm' handler. The injected payload can be crafted to include malicious JavaScript that executes a command, such as opening the calculator application.
