A new Remote Code Execution (RCE) vulnerability, identified as CVE-2022-44087, was recently discovered in the popular content management system ESPCMS P8.21120101. This vulnerability affects the UPFILE_PIC_ZOOM_HIGHT component, which is responsible for resizing uploaded images.

In this long-read post, we'll take a deeper look at the exploit details, walk through a code snippet that shows where the vulnerability lives, and provide links to the original references for further reading. By the end of this article, you'll have a clear understanding of CVE-2022-44087 and how it might affect your system.

Exploit Details

The Remote Code Execution vulnerability (CVE-2022-44087) in ESPCMS P8.21120101 resides in the UPFILE_PIC_ZOOM_HIGHT component. By exploiting this vulnerability, attackers can inject and execute arbitrary code on the target system, leading to a complete compromise of the system. This can result in unauthorized access, data theft, and other severe consequences.

The vulnerability is caused by improper validation of user-input values in the UPFILE_PIC_ZOOM_HIGHT component. Specifically, it does not properly sanitize the user input passed to the "height" parameter. As a result, an attacker can inject malicious code into this parameter and execute it on the target system.

Code Snippet

The following code snippet highlights how the vulnerability resides in the UPFILE_PIC_ZOOM_HIGHT component:

// File: include/class/new_upload.php
class new_upload {
    function new_upload(){}
    ...
    public function upfile_all($upfile_place, $upfile_sort, $upfilename, $image_hight = '') {
        ...
        // Resize only when a zoom height is configured and the upload is an allowed picture type
        if (!empty($this->upfile_config['upfile_pic_zoom_hight']) && in_array($this->check_upfile_sz($upfile_sort), explode('|', $this->upfile_config['upfile_pic_sort']))) {
            if ($text_type) {
                // Height taken from the configuration
                $image_hight = $this->upfile_config['upfile_pic_zoom_hight'];
            } else {
                // Height kept exactly as supplied by the caller; no validation is applied
                $image_hight = $image_hight;
            }
            ...
        }
        ...
    }
}

In this snippet, the $image_hight parameter carries the target height used when resizing the image. When $text_type is not set, the caller-supplied value is assigned back to itself without any validation, so whatever the request supplies flows onward unchanged, allowing an attacker to inject arbitrary code.
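The following is an added example and not ESPCMS code; the function and constant names (validate_image_height, resolve_zoom_height, MAX_IMAGE_DIMENSION) are assumptions chosen for illustration, and it assumes PHP 8. The page does not show how the unvalidated height value reaches code execution, so the example demonstrates the generic mitigation the conclusion recommends: treat the height as an allow-listed decimal integer within a fixed range and reject everything else before it is used for resizing, instead of passing the raw parameter through as the snippet does.

```php
<?php
// Added example (not ESPCMS code): strict validation of an image height
// parameter before it is used for resizing. Names are illustrative.

declare(strict_types=1);

// Assumed upper bound for this deployment; pick what your resizer can handle.
const MAX_IMAGE_DIMENSION = 8192;

/**
 * Returns the height as an int when the input is a plain decimal integer
 * within [1, MAX_IMAGE_DIMENSION]; returns null for anything else
 * (empty, signed, padded, non-numeric, embedded characters, oversized).
 */
function validate_image_height(mixed $raw): ?int
{
    if (is_int($raw)) {
        $raw = (string) $raw;
    }
    if (!is_string($raw)) {
        return null;
    }
    // Allow-list: digits only, no leading zeros, no whitespace or sign.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    if (!preg_match('/\A(0|[1-9][0-9]*)\z/', $raw)) {
        return null;
    }
    // Length check first so the cast below cannot overflow on huge inputs.
    if (strlen($raw) > strlen((string) MAX_IMAGE_DIMENSION)) {
        return null;
    }
    $height = (int) $raw;
    return ($height >= 1 && $height <= MAX_IMAGE_DIMENSION) ? $height : null;
}

/**
 * Resolve the zoom height the way the snippet does (configured value for
 * text types, request value otherwise), but only from validated integers.
 * Throws instead of silently continuing with an invalid value.
 */
function resolve_zoom_height(array $upfile_config, bool $text_type, mixed $requested): int
{
    $candidate = $text_type
        ? ($upfile_config['upfile_pic_zoom_hight'] ?? null)
        : $requested;

    $height = validate_image_height($candidate);
    if ($height === null) {
        // Log the rejected value (truncated) so abuse attempts are visible.
        error_log('rejected image height: ' . substr(var_export($candidate, true), 0, 64));
        throw new InvalidArgumentException(
            'image height must be an integer between 1 and ' . MAX_IMAGE_DIMENSION
        );
    }
    return $height;
}

// Constructed sample configuration and request values (not from the page).
$config  = ['upfile_pic_zoom_hight' => '600', 'upfile_pic_sort' => 'jpg|png|gif'];
$samples = ['480', ' 480', '480; id', '-1', '0', '99999999', '', '1e3', '+5', 800];

foreach ($samples as $s) {
    $result = validate_image_height($s);
    printf("%-12s => %s\n", var_export($s, true), $result === null ? 'rejected' : "ok ($result)");
}

// Configured path: the request value is ignored and the configured 600 is used.
echo resolve_zoom_height($config, true, '480; id'), "\n";

// Request path with a hostile value: rejected before any resizing happens.
try {
    resolve_zoom_height($config, false, '480; id');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Of the constructed samples, only '480' and 800 are accepted; every other value, including the one with a trailing shell fragment, is rejected and logged. The design point is that the value is never "cleaned" and passed on: it is either a bounded integer or it is refused, which removes the class of problems the snippet's pass-through assignment creates.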

2. Send an HTTP POST request to the ESPCMS P8.21120101 instance containing the malicious image file.

3. The server would process the image, and due to the lack of proper input validation in the UPFILE_PIC_ZOOM_HIGHT component, execute the injected code.

References

1. CVE-2022-44087 - NVD Detail
2. ESPCMS P8.21120101 Security Advisory (Note: Replace with the actual link once available)

Conclusion

It's essential to protect your ESPCMS P8.21120101 installations from the CVE-2022-44087 Remote Code Execution vulnerability. System administrators should monitor incoming security advisories and apply patches as they become available. In addition, validating user input strictly and applying proper input sanitization techniques mitigates the risk of similar vulnerabilities.

Timeline

Published on: 11/10/2022 15:15:00 UTC
Last modified on: 11/15/2022 19:53:00 UTC