Evolution CMS, FUDForum, and GitBucket vulnerabilities chained together for maximum impact
Researchers have released details of a trio of cross-site scripting (XSS) vulnerabilities in popular open-source applications that could lead to remote code execution (RCE).
The security bugs, found by a research team from PT Swarm, affect the web development applications Evolution CMS, FUDForum, and GitBucket.
Web security researcher Aleksey Solovev told The Daily Swig that this research, detailed on the PT Swarm blog, relates to how “the combination of the discovered possibility of carrying out an XSS attack and the integrated file manager (or the execution of an SQL query) in the administration panel can lead to a complete compromise of the system”.
The first vulnerability, in Evolution CMS v3.1.8, could allow an attacker to conduct a reflected XSS attack in multiple locations in the admin panel.
“The consequence would be a complete system compromise by overwriting the executable file using the built-in file manager.”
A second flaw, found in FUDforum v3.1.1, could potentially allow a malicious actor to carry out a stored XSS attack via the name of a file attachment in private messages.
“An attacker could send a private message to an administrator with a malicious payload in the name of the attached file,” Solovev said.
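As an added illustration (not code from FUDforum or from the PT Swarm write-up), the JavaScript below shows why an uploader-controlled attachment name becomes stored XSS when it is concatenated into a page, and how HTML-encoding it on output removes the problem. The function names, URL path and sample filename are constructed for this example.

```javascript
// Constructed example: rendering an attachment link in a message view.
// Nothing here is taken from the affected projects.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored filename is pasted into markup unchanged,
// so it is parsed as HTML in the browser of whoever opens the message.
function renderAttachmentUnsafe(att) {
  return '<a href="/attachment?id=' + att.id + '" title="' + att.name + '">' + att.name + '</a>';
}

// Hardened pattern: the id must be an integer and the name is encoded on output.
function renderAttachmentSafe(att) {
  const id = Number.parseInt(att.id, 10);
  if (!Number.isSafeInteger(id) || id < 0) {
    throw new TypeError('attachment id must be a non-negative integer');
  }
  const name = escapeHtml(att.name);
  return `<a href="/attachment?id=${id}" title="${name}">${name}</a>`;
}

// Defence in depth at upload time: flag names carrying markup or control characters.
// This complements output encoding; it does not replace it.
function isSuspiciousFilename(name) {
  return /[<>"'&\u0000-\u001f]/.test(String(name));
}

// Constructed sample: a harmless test string standing in for a hostile filename.
const SAMPLE = { id: 7, name: 'report"><img src=x onerror=alert(1)>.txt' };

console.log('unsafe:', renderAttachmentUnsafe(SAMPLE));
console.log('safe:  ', renderAttachmentSafe(SAMPLE));
console.log('flagged at upload:', isSuspiciousFilename(SAMPLE.name));
```

In the unsafe output the `<img>` element survives as live markup; in the safe output the same bytes are displayed as text.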
Finally, in GitBucket v4.37.1, a security bug was discovered that could allow an attacker to carry out a stored XSS attack in “multiple places”, according to Solovev.
“In the admin panel, it was possible to run SQL code based on the H2 database engine, for which there is already an exploit that allows running a command on the server,” Solovev explained.
“Putting it all together, an attacker could attack the admin and gain the ability to run commands on the server.”
All three vulnerabilities are pending CVE assignment but have been fixed by the project maintainers, Solovev told The Daily Swig.
The researcher added that the main difficulty in discovering these flaws was finding a way to carry out an XSS attack.
“The rest of the steps were easier because they had public exploits for legitimate functionality in the form of a file manager in the admin panel,” he explained.
More information about the vulnerabilities and the technical details of the exploit can be found on the PT Swarm blog.