CVE-2019-15954 – total4

Package

Manager: npm
Name: total4
Vulnerable Version: =12.0.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.58874 pctl0.98154

Details

Total.js CMS RCE Vulnerability An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: `<script total>global.process.mainModule.require(child_process).exec(RCE);</script>`

Metadata

Created: 2022-05-24T16:55:31Z
Modified: 2023-07-17T23:14:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v287-9w3v-x5c5/GHSA-v287-9w3v-x5c5.json
CWE IDs: ["CWE-77", "CWE-862"]
Alternative ID: GHSA-v287-9w3v-x5c5
Finding: F422
Auto approve: 1