Armis Vulnerability Intelligence Database

Description Preview

A code injection vulnerability (CWE-94) exists in phpwcms version 1.9.25 that allows remote attackers to execute arbitrary code through the database user field during the installation process. This vulnerability could lead to complete system compromise if successfully exploited.

Overview

phpwcms is a content management system written in PHP. In version 1.9.25, the installation process contains a critical security flaw where user input from the database configuration fields is not properly sanitized before being used. Specifically, the DB user field can be manipulated to include malicious PHP code that will be executed on the server. An attacker who can access the installation page can exploit this vulnerability to execute arbitrary code with the privileges of the web server user, potentially leading to full system compromise.

Remediation

Upgrade to a patched version of phpwcms if available
If upgrading is not immediately possible, consider the following temporary measures:
- Restrict access to the installation directory
- Complete the installation process in a secure environment and then deploy to production
- Monitor system logs for suspicious activities
- Implement web application firewall rules to block potential exploitation attempts
After installation, ensure the installation directory is removed or properly secured
Follow security best practices for PHP applications, including input validation and proper configuration of PHP settings

References

GitHub Issue and Patch: https://github.com/slackero/phpwcms/issues/310
CWE-94: Improper Control of Generation of Code ('Code Injection'): https://cwe.mitre.org/data/definitions/94.html
OWASP Code Injection Prevention: https://owasp.org/www-community/attacks/Code_Injection

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Construction
Construction
Educational Services
Educational Services
Finance and Insurance
Finance and Insurance
Health Care & Social Assistance
Health Care & Social Assistance
Information
Information
Management of Companies & Enterprises
Management of Companies & Enterprises
Manufacturing
Manufacturing
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Retail Trade
Retail Trade
Transportation & Warehousing
Transportation & Warehousing
Utilities
Utilities
Wholesale Trade
Wholesale Trade

^{CVE-2021-36424:}Remote Code Execution Vulnerability in phpwcms 1.9.25 During Installation

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!