HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later passes this input into `proc_open`, yielding OS command injection. An authenticated attacker can craft a URL string that bypasses the validation checks employed by the `filter_var` and `strpos` functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request. Version 11.0.3 contains a patch for the issue.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HPsu Haxcms Node.js
APPPsu< 11.0.3Psu Haxcms PHP
APPPsu< 11.0.0
Related vulnerabilities
HAXcms Node.js — brak uwierzytelnienia przez niebezpieczną konfigurację domyślną
HAX CMS PHP — nierestrykcyjny upload plików (obejście denylisty)
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX ...
HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and belo...
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and belo...