CVE-2023-1877 / RCE with Server-Side Template Injection in Microweber

I am familiar with Microweber, a contemporary open-source content management system (CMS). Its main function is to enable users to develop and manage their websites, blogs, and online stores. The system is based on the PHP programming language and boasts an intuitive drag-and-drop interface, which simplifies website customization and design even for those with limited technical skills.

This vulnerability on version 1.3.2

The vulnerability has been fixed in 1.3.4

During my analysis of the Microweber content management system, I uncovered a noteworthy vulnerability in the First Name field. Through my tests, I was able to identify that by inputting the {{7*7}} code, I received a response of 49. This indicates a problem with Server-Side Template Injection (SSTI) and highlights a potential security risk that needs to be addressed.

Having discovered the vulnerability, I conducted further tests and was able to exploit it to send commands to the server. My analysis conclusively demonstrated that Remote Code Execution (RCE) was possible, which is a significant threat as it has the potential to compromise the entire system. Therefore, anyone utilizing Microweber should take this vulnerability seriously and take steps to mitigate the risk.

Upon discovering the vulnerability, I promptly notified the Microweber development team of my findings. They acted swiftly and were able to address the issue by releasing a patch that fixes the vulnerability.

In recognition of my efforts in identifying and reporting the vulnerability, I was awarded a CVE. This recognition reinforces the value of ongoing security research and highlights the crucial role it plays in maintaining the safety and security of our digital systems.

To provide evidence of the vulnerability’s proof of concept, I have included a GIF below. It illustrates how commands can be sent to the server through the First Name field, showcasing the potential impact of this vulnerability.

Thank you for taking the time to read about my analysis. I hope that the information I have provided will be useful for those utilizing Microweber, and that it will help them to enhance their website’s security. =)