CVE-2026-7578
Received Received - Intake
Unrestricted File Upload in MacCMS Pro

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: VulDB

Description
A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7578
EUVD
EUVD-2026-26495
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
maccms maccms_pro to 2022.1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in MacCMS Pro version 2022.1.3 within its plugin management system. It allows an attacker to upload a malicious plugin package containing specially crafted PHP scripts. During the plugin installation process, the system executes the uploaded code without sufficient validation, enabling remote code execution (RCE).

An attacker can create a malicious PHP file that runs system commands and writes their output to files accessible via the web. By packaging this file with a configuration file into a ZIP archive and uploading it through the backend plugin installation interface, the malicious code executes during installation, granting the attacker full control over the server.

Impact Analysis

Exploiting this vulnerability can lead to an attacker gaining full control over the affected server. This includes the ability to execute arbitrary system commands remotely, create or modify files on the server, and potentially compromise sensitive data or disrupt services.

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious files created by the exploit, such as whoami.php or cmd_result.php, in the web root directory after plugin installation attempts.

You can also look for suspicious plugin installation activities involving ZIP archives containing specially crafted PHP scripts and info.ini files.

A practical command to verify if the server is compromised is to access or request the whoami.php file via a web browser or use curl/wget to see if it executes commands.

  • curl http://yourserver/whoami.php
  • curl http://yourserver/cmd_result.php

Additionally, monitoring web server logs for unusual POST requests to /admi.php/admin/addon/add.html can help detect attempts to upload malicious plugins.

Mitigation Strategies

Immediate mitigation steps include disabling the plugin installation feature or restricting access to the /admi.php/admin/addon/add.html endpoint to trusted administrators only.

Ensure that only authenticated and authorized users can upload plugins, and implement strict server-side validation of uploaded plugin packages to prevent arbitrary file uploads.

Remove any suspicious files such as whoami.php or cmd_result.php from the web root directory if found.

Monitor server logs for unusual activity related to plugin uploads and consider temporarily disabling plugin installation until a patch or fix is available.

Compliance Impact

This vulnerability allows attackers to upload and execute arbitrary code on the affected server, potentially leading to unauthorized access and control over sensitive data.

Such unauthorized access and potential data breaches could result in non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information.

However, the provided information does not explicitly mention the impact on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7578. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart