CVE-2020-18048
Description
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CraigMS 1.0's main.php accepts unsanitized input in the DB Name field, enabling unauthenticated command injection leading to remote code execution.
Vulnerability
CraigMS version 1.0 suffers from a command injection vulnerability in craigms/main.php. The application passes user-controlled input from the "DB Name" field directly into an operating system command without sanitization, as classified by CWE-77 [1]. All installations of CraigMS 1.0 using the affected web interface are potentially exploitable.
Exploitation
An attacker can send a crafted POST request to craigms/main.php containing malicious shell metacharacters (e.g., backticks, semicolons, pipe symbols) in the DB Name parameter. No authentication is required to access the vulnerable endpoint. The attack does not require special network position beyond reachability of the web server.
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands with the privileges of the web server process, typically leading to full compromise of the application and underlying host (confidentiality, integrity, and availability impact).
Mitigation
No official patch or fixed version has been released for CraigMS 1.0. As of the publication date, the vendor has not addressed this vulnerability [1]. Users should consider migrating to an alternative application or implementing a web application firewall (WAF) rule that blocks metacharacters in the DB Name field. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
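The pattern behind CWE-77 and the input-validation side of the mitigation above, as an added illustration in hypothetical PHP (not CraigMS's main.php; the `dbname` form field, the `mysqldump` command and the identifier rule are assumptions):

```php
<?php
// Added example, not CraigMS's code: hardening a "DB Name" form value that
// is later used in an operating system command (the CWE-77 pattern).
// The field name, the command and the identifier rule are assumptions.

// Risky pattern: a raw form value concatenated into a shell command lets
// shell metacharacters in the value change what the command does.
// $cmd = "mysqldump " . $_POST['dbname'];   // do not do this

function validate_db_name(string $name): string {
    // Allowlist: MySQL unquoted identifiers use letters, digits, underscore
    // and dollar sign; the length is capped at the 64-character identifier limit.
    if (!preg_match('/^[A-Za-z0-9_$]{1,64}$/', $name)) {
        throw new InvalidArgumentException('invalid database name');
    }
    return $name;
}

function build_dump_command(string $dbname): string {
    $safe = validate_db_name($dbname);
    // Quote the argument even after validation so the shell receives it as
    // a single literal word.
    return 'mysqldump ' . escapeshellarg($safe);
}

// Preferred on PHP >= 7.4: pass an argv array to proc_open so no shell ever
// parses the argument at all.
function run_dump_without_shell(string $dbname): int {
    $safe = validate_db_name($dbname);
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['mysqldump', $safe], $spec, $pipes);
    if (!is_resource($proc)) {
        return -1;
    }
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc);
}

// Constructed inputs: the first passes validation, the second contains a
// metacharacter and is rejected before any command is built.
echo build_dump_command('shop_db'), PHP_EOL;
try {
    build_dump_command('shop; extra');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allowlist check is the control that matters; `escapeshellarg` and the argv form of `proc_open` are defence in depth should the validation ever be bypassed or removed.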
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CraigMS/CraigMS
- Range: =1.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- cwe.mitre.org/data/definitions/77.html
- github.com/bertanddip/CraigMS/issues/1
News mentions
No linked articles in our index yet.