CVE-2019-15954
CRITICAL9.9EPSS 56.9%Total.js CMS RCE Vulnerability
發布日:2022/5/24修改日:2023/11/8
描述
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: `<script total>global.process.mainModule.require(child_process).exec(RCE);</script>`
受影響套件(1)
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-15954
- PATCHhttps://github.com/totaljs/cms
- WEBhttp://packetstormsecurity.com/files/154924/Total.js-CMS-12-Widget-JavaScript-Code-Injection.html
- WEBhttps://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf
- WEBhttps://seclists.org/fulldisclosure/2019/Sep/5