MacCMS Pro Unrestricted File Upload Vulnerability in Plugin Installation Handler

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in MacCMS Pro versions through 2022.1.3. The issue lies in the Plugin Installation Handler, specifically in the 'install' function of the file '/admi.php/admin/addon/add.html'. It can be exploited remotely, allowing an attacker to upload a malicious plugin whose contents can execute code on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file upload, which could be used to execute malicious scripts on the server, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, log into the MacCMS Pro management backend and navigate to the plugin installation page. Create a zip archive containing a malicious script, such as a PHP file that executes a command, and upload it through the plugin upload feature. Once the upload completes, the script is executed, demonstrating the vulnerability.

Remediation

Users are advised to update to the latest version of MacCMS Pro, where this vulnerability has been addressed. Additionally, plugin upload features should be disabled or restricted until the update can be applied.
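A server-side gate of the kind the remediation calls for, as an added example (not MacCMS Pro code): it inspects a plugin zip before anything is extracted and rejects entries that would place a PHP script or a web-server config file under the web root, or escape the install directory through path traversal. The function names, the blocked-suffix list and the sample archives are my assumptions.

```python
"""Pre-installation gate for CMS plugin zip archives (added example, not MacCMS code)."""
import io
import posixpath
import zipfile

# Suffixes a typical PHP web server will execute if they appear anywhere in the name.
BLOCKED_SUFFIXES = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}
# Files that change server behaviour even though they are not scripts.
BLOCKED_NAMES = {".htaccess", ".user.ini"}


def inspect_plugin_archive(data: bytes) -> list[str]:
    """Return reasons to reject the archive; an empty list means it passed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    problems = []
    with zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            components = name.split("/")
            # Absolute paths or '..' components could write outside the plugin directory.
            if name.startswith("/") or ".." in components:
                problems.append(f"path traversal: {info.filename}")
                continue
            base = posixpath.basename(name).lower()
            if base in BLOCKED_NAMES:
                problems.append(f"server config file: {info.filename}")
                continue
            # Check every dotted part so 'shell.php.jpg' is caught, not only the last suffix.
            if any(part in BLOCKED_SUFFIXES for part in base.split(".")[1:]):
                problems.append(f"executable script: {info.filename}")
    return problems


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {path: content}; used only for constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample archive, not a real plugin.
    sample = build_archive({"demo/manifest.json": b"{}", "demo/x.phtml": b"<?php"})
    print(inspect_plugin_archive(sample))
```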

Added: May 1, 2026, 11:19 AM
Updated: May 1, 2026, 11:19 AM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 10.0
exploitability: 4.2
remediation: 0.0
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.