Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
%2C%20PowerCMS%205.21%20and%20earlier%20(PowerCMS%205%20Series)%2C%20PowerCMS%204.51%20and%20earlier%20(PowerCMS%204%20Series)%2C%20and%20PowerCMS%203%20Series%20and%20earlier%20which%20are%20unsupported%20(End-of-Life%2C%20EOL)%20&color=brightgreen)
PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
No PoCs from references.
- https://github.com/karimhabush/cyberowl