Published: 05/09/2019 Updated: 01/01/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue exists in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>

Vulnerable Product	Search on Vulmon	Subscribe to Product
totaljs total.js cms 12.0.0

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::CmdStager def initialize(info={}) ...

CWE-862 https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf https://seclists.org/fulldisclosure/2019/Sep/5 http://packetstormsecurity.com/files/154924/Total.js-CMS-12-Widget-JavaScript-Code-Injection.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47531

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-15954

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect