module
Remote Code Execution Vulnerability in Vvveb
| Disclosed |
|---|
| Jan 10, 2025 |
Disclosed
Jan 10, 2025
Description
Vvveb CMS is vulnerable to code injection via the Code Editor functionality.
Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem,
allowing remote authenticated attackers with access to the Code Editor to achieve code execution
when those modified files are executed or served by the application or web server.
This vulnerability affects Vvveb CMS versions up to and including 1.0.5.
Successful exploitation may result in the remote code execution under the privileges
of the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem,
allowing remote authenticated attackers with access to the Code Editor to achieve code execution
when those modified files are executed or served by the application or web server.
This vulnerability affects Vvveb CMS versions up to and including 1.0.5.
Successful exploitation may result in the remote code execution under the privileges
of the web server, potentially exposing sensitive data or disrupting survey operations.
An attacker can execute arbitrary system commands in the context of the user running the web server.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.