
CVE-2020-29279 Scanner - Remote File Inclusion vulnerability in 74CMS
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 2 hours
Scan only one: Domain, Subdomain, IPv4
74CMS is widely used by various organizations and individuals for managing job recruitment processes and career sites. The platform allows users to create and manage job listings, company profiles, and applicant resumes. Small to large enterprises use 74CMS to streamline recruitment, improve the job-seeking experience, and facilitate communication between employers and job seekers. The software supports multiple templates and plugins, aiding customization and feature expansion. As a web-based application, it primarily runs on servers and is reached over the internet, providing an accessible interface for both recruiters and job seekers globally.
Remote File Inclusion (RFI) is a critical vulnerability that allows an attacker to have a web server include and execute remote files, potentially running arbitrary code on the target server. It works by exploiting dynamic file inclusion mechanisms in web applications. RFI can lead to significant security compromises, including data breaches and unauthorized access. It affects the integrity and confidentiality of the system by allowing the injection of malicious code. The inclusion and execution happen when user-supplied input is not properly validated, enabling remote attackers to execute their malicious files.
This vulnerability in 74CMS exists in the assign_resume_tpl method of BaseController.class.php, where a PHP remote file inclusion is possible. Attackers can exploit it by crafting special HTTP requests to the endpoint, causing arbitrary scripts hosted on another server to be executed. The vulnerable parameter 'tpl' accepts user input that is insufficiently sanitized, leading to the inclusion of unauthorized remote files. Given the significant impact of this vulnerability, systems running versions before 6.0.48 are at high risk. In technical terms, a successful RFI exploit is indicated by certain code patterns and status codes in the server's responses.
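A log-triage sketch for the 'tpl' parameter described above, added here as an example; it is not part of the original page or of the 74CMS code base. The sample log lines, the /index.php path and the template-name pattern are constructed assumptions, and only query-string parameters are inspected, since access logs do not record POST bodies.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Scheme or wrapper prefix (http:, ftp:, php:, data:) or protocol-relative //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.I)
# Assumed shape of a legitimate template name (hypothetical policy, adjust per site)
SAFE_TPL_RE = re.compile(r'^[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-]+)*(?:\.html)?$')

# Constructed sample lines (documentation addresses, placeholder host and path)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /index.php?tpl=resume_default HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2021:10:00:05 +0000] "GET /index.php?tpl=http%3A%2F%2Fhost.example%2Ft.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2021:10:00:09 +0000] "GET /index.php?tpl=..%252f..%252fetc%252fpasswd HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2021:10:01:00 +0000] "GET /jobs/list?page=2 HTTP/1.1" 200 900',
]

def classify_tpl(value):
    """Return a verdict for a decoded tpl value, or None if it looks like a local template."""
    if REMOTE_RE.match(value):
        return "remote-reference"
    if ".." in value or "\x00" in value or "<" in value:
        return "suspicious-content"
    if not SAFE_TPL_RE.match(value):
        return "unexpected-format"
    return None

def scan_access_log(lines):
    """Yield (line number, status, verdict, decoded value) for every flagged tpl value."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        query = urlsplit(m["target"]).query
        for raw in parse_qs(query, keep_blank_values=True).get("tpl", []):
            value = unquote(raw)  # second pass catches double-encoded input
            verdict = classify_tpl(value)
            if verdict:
                findings.append((n, m["status"], verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned status 200 on a version before 6.0.48 deserves priority review, since the response status is part of what distinguishes an attempt from a successful inclusion.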
When exploited, this vulnerability can have severe consequences, including the complete compromise of the affected system. Attackers may gain the ability to execute arbitrary commands with the privileges of the web server process. This can lead to data exfiltration, system outages, the deployment of malware or further penetration into the network. Moreover, since this allows unauthorized code execution, potential attacks can also include lateral movement within the network. The risk to business operations is substantial, potentially affecting business continuity and service integrity.