4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.1%
An authenticated backend user with the editor.cms_pages
, editor.cms_layouts
, or editor.cms_partials
permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safe_mode
being enabled can craft a special request to include PHP code in the CMS template.
This is not a problem for anyone who trusts their users with those permissions to usually write & manage PHP within the CMS by not having cms.safe_mode
enabled. Still, it would be a problem for anyone relying on cms.safe_mode
to ensure that users with those permissions in production do not have access to write and execute arbitrary PHP.
This issue has been patched in v3.4.15.
As a workaround, remove the specified permissions from untrusted users.
Credits to:
If you have any questions or comments about this advisory:
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.1%