CVE-2026-15516
Received Received - Intake

Authorization Bypass in MacCMS Pro Installation Module

Vulnerability report for CVE-2026-15516, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. Upgrading to version 2022.1000.3025 is recommended to address this issue. Upgrading the affected component is recommended.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
trustbigcat maccms_pro to 2022.1000.3025 (exc)
magicblack maccms10 to 2022.1000.3025 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The primary and recommended mitigation step is to upgrade MacCMS Pro to version 2022.1000.3025 or later. This version includes a global check that prevents access to the installation module once the system is locked, effectively fixing the authorization bypass vulnerability.

Until the upgrade can be applied, restrict access to the installation module endpoint to trusted administrators only, for example by using firewall rules or web server access controls.

Additionally, monitor for any unauthorized access attempts to the installation step 5 endpoint and review logs for suspicious POST requests that attempt to re-trigger the installation process.

Executive Summary

This vulnerability exists in the installation module of MacCMS Pro (also known as maccms10) in the step5 function of the file application/install/controller/Index.php. It allows unauthenticated remote attackers to bypass the installation lock by directly accessing the final installation step.

Because the step5 function does not check for the presence of the install.lock file, an attacker can re-trigger the installation process via a crafted POST request. This lets the attacker re-initialize the system, overwrite the configuration, and create a new administrative account without authorization.

The vulnerability requires a high level of complexity to exploit and is considered difficult, but the exploit is publicly available. The issue affects all versions up to 2022.1000.3005 and is fixed in version 2022.1000.3025 and later.

Impact Analysis

This vulnerability can have serious impacts because it allows an attacker to bypass authorization controls remotely and without authentication.

An attacker exploiting this flaw can re-initialize the system, overwrite existing configurations, and create new administrative accounts. This effectively gives the attacker full control over the affected system.

Such unauthorized access can lead to data breaches, loss of data integrity, unauthorized changes to system settings, and potential further exploitation of the compromised system.

Detection Guidance

This vulnerability can be detected by attempting to access the installation step 5 endpoint on the affected system. Specifically, sending a crafted POST request to /index.php?s=install/index/index&step=5 with parameters such as account, password, install_dir, and initdata can reveal if the system is vulnerable.

In vulnerable versions, this request returns a 200 OK response with a success message, indicating that the installation logic can be re-triggered and the system can be re-initialized. In patched versions, the same request returns a 403 Forbidden response.

  • Use a command-line tool like curl to test the endpoint, for example:
  • curl -X POST "http://target-system/index.php?s=install/index/index&step=5" -d "account=test&password=test&install_dir=/&initdata=test" -i

If the response status is 200 OK with a success message, the system is likely vulnerable. If the response is 403 Forbidden, the system is patched.

Compliance Impact

The vulnerability allows unauthenticated remote attackers to bypass the installation lock, re-initialize the system, overwrite configuration, and create new administrative accounts. This could lead to unauthorized access and potential data manipulation.

Such unauthorized access and control over the system may result in violations of data protection and privacy regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

However, the provided information does not explicitly state the direct impact on compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15516. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart