Remote Code Execution Vulnerability in phpwcms by Slackero
CVE-2021-36424

9.8CRITICAL

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 3 February 2023

What is CVE-2021-36424?

A vulnerability in phpwcms version 1.9.25 enables remote attackers to execute arbitrary code through the misuse of the DB user field during the installation process. This flaw poses a significant risk, as it can lead to unauthorized access and control over the web server hosting the application. It is crucial for users of phpwcms to apply necessary updates and harden their installations to mitigate this risk.

References

https://github.com/slackero/phpwcms/issues/310

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jul 12, 2021

JSON

PHPwcms

What is CVE-2021-36424?

References

CVSS V3.1

Timeline