CVE Vulnerability

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: global.process.mainModule.require(child_process).exec(RCE);

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

9.9 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf Exploit Third Party Advisory
https://seclists.org/fulldisclosure/2019/Sep/5 Exploit Mailing List
http://packetstormsecurity.com/files/154924/Total.js-CMS-12-Widget-JavaScript-Code-Injection.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:totaljs:total.js_cms:12.0.0:*:*:*:*:*:*:*
Information

Published : 2019-09-05 07:16

Updated : 2022-01-01 08:18

NVD link : CVE-2019-15954

Mitre link : CVE-2019-15954

Products Affected
No products.
CWE
CWE-862