craftcms/cms is vulnerable to Remote Code Execution (RCE)
Medium Risk
Affected versions of this package are vulnerable to Remote Code Execution (RCE). The vulnerability arises from insufficient validation of the dbBackupPath parameter, which allows an attacker to bypass the security checks by supplying a malicious path. By crafting a request with a manipulated dbBackupPath that points to a controlled file outside the intended directory, an attacker can trigger the restoration of a malicious database backup, potentially leading to arbitrary code execution. Exploitation requires the attacker to be able to supply crafted input to the actionRestoreDb function, for example through a manipulated API request or a compromised account.
You are affected if you are using a version that falls within the vulnerable range.
craftcms/cms is vulnerable to Remote Code Execution (RCE) in versions 5.0.0 - 5.8.3 and 3.0.0 - 4.16.2.
Upgrade the craftcms/cms library to a patched version.
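The root cause described above is a path parameter that is not confined to its intended directory. The following is an added illustration of the kind of containment check a defender would want for such a parameter; it is written in Python for clarity and is not Craft CMS's own (PHP) code or its actual fix. The directory layout, file names and the `is_within_backup_dir` / `demo` functions are constructed for this example.

```python
import os
import tempfile


def is_within_backup_dir(candidate: str, backup_dir: str) -> bool:
    """Accept candidate only if it resolves to a regular file inside backup_dir.

    realpath() collapses '..' segments and follows symlinks, so the decision is
    made on the final on-disk location rather than on the string the caller
    supplied. commonpath() (rather than startswith) avoids the prefix trap where
    '/var/backups_evil/x.sql' would otherwise pass for base '/var/backups'.
    """
    base = os.path.realpath(backup_dir)
    target = os.path.realpath(candidate)
    try:
        if os.path.commonpath([base, target]) != base:
            return False
    except ValueError:  # e.g. paths on different drives (Windows)
        return False
    return os.path.isfile(target)


def demo() -> dict:
    """Run the check against a constructed layout and return each verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir = os.path.join(tmp, "backups")
        os.mkdir(backup_dir)
        os.mkdir(os.path.join(tmp, "backups_evil"))  # sibling sharing a prefix
        good = os.path.join(backup_dir, "good.sql")
        outside = os.path.join(tmp, "outside.sql")
        prefix = os.path.join(tmp, "backups_evil", "evil.sql")
        for path in (good, outside, prefix):
            with open(path, "w") as fh:
                fh.write("-- constructed sample dump\n")
        link = os.path.join(backup_dir, "link.sql")
        os.symlink(outside, link)  # entry inside the dir that points outside it
        return {
            "plain": is_within_backup_dir(good, backup_dir),
            "traversal": is_within_backup_dir(os.path.join(backup_dir, "..", "outside.sql"), backup_dir),
            "absolute": is_within_backup_dir(outside, backup_dir),
            "symlink": is_within_backup_dir(link, backup_dir),
            "prefix": is_within_backup_dir(prefix, backup_dir),
            "missing": is_within_backup_dir(os.path.join(backup_dir, "nope.sql"), backup_dir),
        }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:10} -> {'accepted' if verdict else 'rejected'}")
```

Only the plain in-directory file is accepted; traversal, absolute, symlinked, shared-prefix and non-existent candidates are all rejected before any restore logic would run.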