Fork CMS 5.9.2 arbitrary file upload vulnerability

The content management system Fork CMS, version 5.9.2, is prone to an arbitrary file upload vulnerability. It affects both the Fork CMS application and the underlying web server, since an attacker can achieve remote code execution.

How

Authenticated users can upload a new theme through the Themes panel in the Settings tab. It is possible to craft a zip file containing malicious code together with a .htaccess file, and have arbitrary files created in the themes folder when the archive is extracted. The .htaccess file instructs the web server (Apache, where .htaccess overrides are enabled) to execute an additional file type in the web application's context, so a payload hidden behind an otherwise harmless extension runs as server-side code. A successful attack results in compromise of the entire web server, especially on shared hosting, and in database access, since the attacker can read the application's configuration files.

Mitigation

To mitigate this issue quickly, developers should validate the contents of uploaded theme archives and reject any .htaccess file. Because the .htaccess trick only matters when the payload hides behind an extension the server would not otherwise execute, the check should also enforce an allowlist of the file types a theme is expected to contain, rather than only denying .htaccess, and should reject archive entries whose paths escape the themes folder. On the server side, disabling .htaccess processing (AllowOverride None) and, where the application does not rely on it, disabling script execution in the themes directory remove the execution primitive even if a malicious archive is extracted.
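The following Python script is an added example and is not Fork CMS code or the advisory author's; it illustrates both the archive pattern described under "How" and the validation described under "Mitigation". The extension allowlist, the blocked file names, the size cap and the sample theme layout are assumptions made for the example; the three archives are constructed in memory, and the "payload" is a placeholder comment rather than working code.

```python
import io
import posixpath
import zipfile

# Hypothetical allowlist of the file types a theme archive is expected to contain.
ALLOWED_EXTENSIONS = {
    "css", "js", "html", "twig", "json", "md", "txt",
    "png", "jpg", "jpeg", "gif", "svg", "ico", "woff", "woff2",
}
# Web-server configuration files that must never land in the document root.
BLOCKED_BASENAMES = {".htaccess", ".htpasswd", ".user.ini", "web.config"}
# Cheap content heuristic: opening tags a web server would hand to the PHP engine.
PHP_MARKERS = (b"<?php", b"<?=")
MAX_ENTRY_BYTES = 5 * 1024 * 1024  # assumed cap so we never read huge entries


def validate_theme_zip(data: bytes) -> list[str]:
    """Return the reasons the archive must be rejected; an empty list means it passed."""
    problems: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip archive"]
    with zf:
        for info in zf.infolist():
            name = info.filename
            # Zips built on Windows may use backslashes; normalise before any path check.
            norm = posixpath.normpath(name.replace("\\", "/"))
            if norm.startswith("/") or norm == ".." or norm.startswith("../"):
                problems.append(f"{name}: path escapes the extraction directory")
                continue
            if info.is_dir():
                continue
            base = posixpath.basename(norm)
            if base.lower() in BLOCKED_BASENAMES:
                problems.append(f"{name}: web-server configuration files are not allowed")
                continue
            ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
            if ext not in ALLOWED_EXTENSIONS:
                problems.append(f"{name}: extension '{ext or '(none)'}' not in the allowlist")
                continue
            if info.file_size > MAX_ENTRY_BYTES:
                problems.append(f"{name}: entry too large to inspect")
                continue
            # The .htaccess trick works because the payload hides behind a harmless
            # extension, so look at the bytes as well, not only at the name.
            content = zf.read(info)
            if any(marker in content for marker in PHP_MARKERS):
                problems.append(f"{name}: contains PHP source despite a '.{ext}' extension")
    return problems


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {path: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed samples (not taken from any real theme or exploit); layout is assumed.
BENIGN_THEME = build_zip({
    "mytheme/Core/Layout/Templates/Default.html.twig": b"<html><body>{{ content }}</body></html>",
    "mytheme/Core/Layout/Css/screen.css": b"body { margin: 0 }",
    "mytheme/Core/Layout/Images/logo.png": b"\x89PNG\r\n\x1a\n",
})

# The pattern the advisory describes: an .htaccess that makes the server execute an
# innocuous-looking extension, plus a payload using that extension (placeholder body).
MALICIOUS_THEME = build_zip({
    "evil/.htaccess": b"AddType application/x-httpd-php .png\n",
    "evil/shell.png": b"<?php /* attacker-controlled code would go here */ ?>",
    "evil/Core/Layout/Templates/Default.html.twig": b"<html></html>",
})

# A traversal attempt: the entry would be written outside the themes folder.
TRAVERSAL_THEME = build_zip({"../../outside.css": b"body {}"})

if __name__ == "__main__":
    samples = [("benign", BENIGN_THEME), ("malicious", MALICIOUS_THEME), ("traversal", TRAVERSAL_THEME)]
    for label, blob in samples:
        verdict = validate_theme_zip(blob)
        print(label, "accepted" if not verdict else "rejected: " + "; ".join(verdict))
```

Note that the extension allowlist alone would have accepted `shell.png`; it is the blocked-name check and the content heuristic that catch the archive, which is why a fix that only strips `.htaccess` is thin. Validation like this belongs before extraction, and it complements rather than replaces the server-side hardening above: with `AllowOverride None` the uploaded `.htaccess` has no effect at all.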