
CVE-2011-4943: ImpressPages CMS RCE

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.75285%
Published: 4/22/2022
Updated: 1/15/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| impresspages/impresspages | composer | <= 1.0.12 | 1.0.13 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from multiple functions using user-controlled parameters (cm_group/cm_name/group_key/module_key) directly in eval() calls to dynamically load modules. The GitHub patch adds Db::getMenuModModule validation before these eval() calls, confirming the original code lacked proper input sanitization. This allowed attackers to inject arbitrary PHP code via crafted module/group names, triggering CWE-94 code injection. The eval() patterns in actions.php and backend_worker.php are the primary vectors, as shown by their explicit patching in the commit diff.
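
The lookup-before-load fix described above, as an added example (not ImpressPages code and not taken from the commit): `INSTALLED_MODULES`, `ModuleActions` and `loadModule` are hypothetical names, the eval() line in the comment is a constructed shape of the pattern, and the array stands in for the database lookup the patch performs.

```php
<?php
// Added illustration with hypothetical names; not ImpressPages source code.

// Constructed stand-in for the installed-module table the patched code consults
// (the page names the lookup added by the patch: Db::getMenuModModule).
const INSTALLED_MODULES = [
    'standard'      => ['content_management', 'menu_management'],
    'administrator' => ['system', 'log'],
];

final class ModuleActions
{
    public function __construct(public string $group, public string $name) {}
}

// Shape of the pattern described above, kept as a comment so it never runs:
//   eval('$m = new \\Modules\\' . $_REQUEST['cm_group'] . '\\' . $_REQUEST['cm_name'] . '\\Actions();');
// The request values become PHP source text, so every character in them matters.

function loadModule(mixed $group, mixed $name): ?ModuleActions
{
    // 1. Reject arrays and other non-string request values.
    if (!is_string($group) || !is_string($name)) {
        return null;
    }
    // 2. Identifier syntax only: nothing that could end a string or a statement.
    $ident = '/\A[a-z][a-z0-9_]{0,63}\z/';
    if (!preg_match($ident, $group) || !preg_match($ident, $name)) {
        return null;
    }
    // 3. The pair must be a known module (strict comparison, no type juggling).
    if (!in_array($name, INSTALLED_MODULES[$group] ?? [], true)) {
        return null;
    }
    // 4. Construct directly; no request-derived text is ever compiled as code.
    return new ModuleActions($group, $name);
}

// Constructed inputs: one valid pair, then values the checks must refuse.
$cases = [
    ['standard', 'menu_management'],
    ['standard', 'no_such_module'],
    ['standard', 'menu_management; x'],
    [['standard'], 'menu_management'],
];
foreach ($cases as [$g, $m]) {
    $label = is_string($g) ? $g : gettype($g);
    printf("%-10s %-24s %s\n", $label, json_encode($m), loadModule($g, $m) ? 'loaded' : 'rejected');
}
```

Only the first case prints `loaded`; the other three are rejected before any object is constructed.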
