CVE-2026-7578
Unrestricted File Upload in MacCMS Pro
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| maccms | maccms_pro | to 2022.1.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MacCMS Pro version 2022.1.3 within its plugin management system. It allows an attacker to upload a malicious plugin package containing specially crafted PHP scripts. During the plugin installation process, the system executes the uploaded code without sufficient validation, enabling remote code execution (RCE).
An attacker can create a malicious PHP file that runs system commands and writes their output to files accessible via the web. By packaging this file with a configuration file into a ZIP archive and uploading it through the backend plugin installation interface, the malicious code executes during installation, granting the attacker full control over the server.
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to an attacker gaining full control over the affected server. This includes the ability to execute arbitrary system commands remotely, create or modify files on the server, and potentially compromise sensitive data or disrupt services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious files created by the exploit, such as whoami.php or cmd_result.php, in the web root directory after plugin installation attempts.
You can also look for suspicious plugin installation activities involving ZIP archives containing specially crafted PHP scripts and info.ini files.
A practical command to verify if the server is compromised is to access or request the whoami.php file via a web browser or use curl/wget to see if it executes commands.
- curl http://yourserver/whoami.php
- curl http://yourserver/cmd_result.php
Additionally, monitoring web server logs for unusual POST requests to /admi.php/admin/addon/add.html can help detect attempts to upload malicious plugins.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the plugin installation feature or restricting access to the /admi.php/admin/addon/add.html endpoint to trusted administrators only.
Ensure that only authenticated and authorized users can upload plugins, and implement strict server-side validation of uploaded plugin packages to prevent arbitrary file uploads.
Remove any suspicious files such as whoami.php or cmd_result.php from the web root directory if found.
Monitor server logs for unusual activity related to plugin uploads and consider temporarily disabling plugin installation until a patch or fix is available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows attackers to upload and execute arbitrary code on the affected server, potentially leading to unauthorized access and control over sensitive data.
Such unauthorized access and potential data breaches could result in non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information.
However, the provided information does not explicitly mention the impact on compliance with these standards.