CVE-2020-15865

Vulnerability

The vulnerability resides in Stimulsoft Reports version 2013.1.1600.0. The report XML file contains a base64-encoded C# script that is automatically compiled and executed by the server when processing the report. An attacker can modify this script to inject arbitrary C# code, which will be executed in the context of the application server [1].

Exploitation

An attacker needs to supply a crafted report XML file to the server. The attacker can edit the base64-encoded C# code within the XML, re-encode it, and submit the report. The blog demonstrates using System.Diagnostics.Process to launch cmd.exe and execute a PowerShell command to download and run a malicious payload, bypassing namespace blacklists that block System.IO [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code on the server, leading to full compromise of the application server. This includes the ability to run commands, install malware, and access sensitive data [1].

Mitigation

No official fix or patched version has been disclosed in the available references. Users should consider upgrading to a newer version of Stimulsoft Reports if available, or implement strict input validation and sandboxing for report processing. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date [1].