CVE-2017-14763
Description
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In GeniXCMS 1.1.4, authenticated users can upload a malicious theme ZIP containing a PHP file to achieve remote code execution.
Vulnerability
In GeniXCMS version 1.1.4, the Install Themes page does not properly validate the contents of uploaded ZIP archives. A remote authenticated user can upload a ZIP file containing a .php file, which is then extracted and executed on the server. This allows arbitrary PHP code execution. The vulnerability is present in the theme installation functionality [2].
Exploitation
An attacker must have a valid user account with permissions to install themes. The attacker crafts a ZIP archive containing a malicious PHP file and uploads it via the Install Themes page. The system extracts the archive and places the PHP file in the themes directory, where it can be accessed and executed by the attacker [2].
Impact
Successful exploitation leads to arbitrary PHP code execution on the web server. The attacker can then perform actions such as reading sensitive files, modifying the database, or executing system commands, potentially compromising the entire application and server [2].
Mitigation
No official patch is mentioned in the available references. The GeniXCMS project has since released version 2.4.0 [1], which may include security improvements. Users are advised to upgrade to the latest version and restrict theme installation privileges to trusted administrators only. If upgrading is not possible, consider disabling the theme installation feature or implementing additional file validation [1][2].
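A defensive check of the kind the "additional file validation" advice above refers to, added here as an example and not code from GeniXCMS: it walks the uploaded archive with PHP's ZipArchive before anything is extracted and rejects script files, hidden files and unsafe paths. The function name, the two extension lists and the integration point are assumptions.

```php
<?php
// Added example (not GeniXCMS code): validate a theme ZIP before extracting it.
// Assumed integration point: call this from the theme installer before extractTo().

// File types a theme legitimately contains (assumed list; adjust to the theme format).
const THEME_ALLOWED_EXT = ['css', 'js', 'html', 'htm', 'twig', 'tpl', 'json', 'txt', 'md',
    'png', 'jpg', 'jpeg', 'gif', 'svg', 'webp', 'ico', 'woff', 'woff2', 'ttf', 'eot'];
// Extensions that must never appear anywhere in a name (catches shell.php.jpg on
// servers whose handler matches any ".php" segment of the filename).
const THEME_SCRIPT_EXT = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps',
    'inc', 'cgi', 'pl', 'py', 'sh', 'htaccess', 'ini'];

function validateThemeArchive(string $zipPath, array &$errors): bool
{
    $errors = [];
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CHECKCONS) !== true) {
        $errors[] = 'archive is not a consistent ZIP file';
        return false;
    }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $path = str_replace('\\', '/', $name);            // normalise Windows separators
        if ($path === '' || $path[0] === '/' || preg_match('#(^|/)\.\.(/|$)#', $path)) {
            $errors[] = "unsafe path: $name";              // absolute path or traversal
            continue;
        }
        if (substr($path, -1) === '/') {
            continue;                                       // directory entry, nothing to check
        }
        $base = strtolower(basename($path));
        if ($base[0] === '.') {
            $errors[] = "hidden file not allowed: $name";   // .htaccess / .user.ini can re-enable PHP
            continue;
        }
        $parts = explode('.', $base);
        array_shift($parts);                                // drop the file stem
        if ($parts === [] || !in_array(end($parts), THEME_ALLOWED_EXT, true)) {
            $errors[] = "extension not allowed: $name";     // final extension must be allowlisted
            continue;
        }
        foreach ($parts as $ext) {
            if (in_array($ext, THEME_SCRIPT_EXT, true)) {
                $errors[] = "script extension inside name: $name";
                break;
            }
        }
    }
    $zip->close();
    return $errors === [];
}
```

The check complements, rather than replaces, serving the themes directory with script execution disabled, so that a file which slips through is still not executed.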
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ghsa-coords
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/ (NVD: Exploit, Third Party Advisory)
- github.com/advisories/GHSA-2f6r-892p-69g5 (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-14763 (GHSA: Advisory)
- ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell (GHSA: Web)
News mentions
No linked articles in our index yet.