Product

Ci4-Cms-Erp/Ci4ms

3 briefs RSS

CI4MS Backup Restore Zip Slip Vulnerability Leads to RCE

The CI4MS Backup restore function is vulnerable to Zip Slip, allowing remote code execution by uploading a malicious ZIP archive that writes PHP files to the public web root due to missing validation of entry names during extraction, affecting versions prior to 0.31.5.0.

ci4-cms-erp/ci4ms zip-slip rce code-injection vulnerability

2r 2t 1w ago

high advisory

CI4MS Authenticated Remote Code Execution via Theme Upload

2 rules 2 TTPs

CI4MS versions 0.26.0.0 through 0.31.6.0 are vulnerable to remote code execution; an authenticated backend user with theme upload permissions can upload a crafted ZIP file containing a PHP file, which is then installed into the web-accessible public directory without filtering, allowing direct execution via HTTP.

ci4-cms-erp/ci4ms code-execution web-application php

2r 2t Jan 30, 2024

critical advisory

CI4MS Theme Upload Zip Slip Vulnerability

2 rules 2 TTPs

A critical vulnerability exists in ci4ms Theme::upload, where improper validation of ZIP archive entry names allows authenticated users with theme creation permissions to write files to arbitrary locations, leading to remote code execution.

ci4-cms-erp/ci4ms zip-slip rce codeigniter vulnerability

2r 2t Jan 2, 2024