Vulnerability Description
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totaljs | Total.Js Cms | 12.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154924/Total.js-CMS-12-Widget-JavaScript-CoExploitThird Party AdvisoryVDB Entry
- https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_finaExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2019/Sep/5ExploitMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/154924/Total.js-CMS-12-Widget-JavaScript-CoExploitThird Party AdvisoryVDB Entry
- https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_finaExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2019/Sep/5ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2019-15954?
CVE-2019-15954 is a vulnerability with a CVSS score of 9.9 (CRITICAL). An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget wit...
How severe is CVE-2019-15954?
CVE-2019-15954 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-15954?
Check the references section above for vendor advisories and patch information. Affected products include: Totaljs Total.Js Cms.