CVE-2020-21651 – CVE-2020-21651 is a critical remote code execut... (How to Fix)

Q: What is the severity of CVE-2020-21651?

CVE-2020-21651 has a CVSS score of 9.8 (CRITICAL). CVE-2020-21651 is a critical remote code execution vulnerability in Myucms v2.2.1 that allows attackers to execute arbitrary code on affected systems via the add() method in controller/point.php. This affects all users running the vulnerable version of Myucms content management system. Successful exploitation gives attackers full control over the compromised server.

📋 TL;DR

CVE-2020-21651 is a critical remote code execution vulnerability in Myucms v2.2.1 that allows attackers to execute arbitrary code on affected systems via the add() method in controller/point.php. This affects all users running the vulnerable version of Myucms content management system. Successful exploitation gives attackers full control over the compromised server.

💻 Affected Systems

Products:

Myucms

Versions: v2.2.1

Operating Systems: All platforms running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default installation of Myucms v2.2.1. No special configuration is required for exploitation.

📦 What is this software?

Myucms by Myucms Project

View all CVEs affecting Myucms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, pivot to other systems, and maintain persistent access.

🟠

Likely Case

Attackers gain shell access to the web server, deface websites, install cryptocurrency miners or ransomware, and exfiltrate database contents.

🟢

If Mitigated

Limited impact with proper network segmentation, web application firewalls, and least privilege configurations preventing lateral movement.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing, making them directly accessible to attackers worldwide.

🏢 Internal Only: MEDIUM - Internal systems could still be exploited via phishing or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub issues demonstrate the vulnerability, and RCE vulnerabilities in CMS systems are frequently weaponized. The exploit appears straightforward based on available information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check for official patches from Myucms developers. 2. If no patch exists, upgrade to a newer version if available. 3. Consider migrating to alternative CMS solutions if Myucms is no longer maintained.

🔧 Temporary Workarounds

Disable vulnerable endpoint

linux

Remove or restrict access to controller/point.php to prevent exploitation

mv /path/to/myucms/controller/point.php /path/to/myucms/controller/point.php.disabled

Implement WAF rules

all

Configure web application firewall to block requests to the vulnerable endpoint

🧯 If You Can't Patch

Isolate the affected system in a DMZ with strict network controls
Implement application allowlisting and disable unnecessary PHP functions

🔍 How to Verify

Check if Vulnerable:

Check if Myucms version is 2.2.1 by examining version files or configuration. Review if controller/point.php exists with the add() method.

Check Version:

grep -r 'version' /path/to/myucms/ | grep -i '2.2.1'

Verify Fix Applied:

Verify controller/point.php is removed, renamed, or patched. Test with controlled payloads to confirm RCE is no longer possible.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to controller/point.php
System commands execution in web logs
Unexpected process spawns from web server user

Network Indicators:

Outbound connections from web server to suspicious IPs
Unusual traffic patterns from web application

SIEM Query:

source="web_logs" AND (uri="*controller/point.php*" OR method="POST" AND uri="*point.php*")

📊 Metadata

CVE ID: CVE-2020-21651

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

Published: October 6, 2021

Last Updated: November 21, 2024

🔗 References

https://cwe.mitre.org/data/definitions/96.html Technical Description
https://github.com/lolipop1234/XXD/issues/3 Exploit,Third Party Advisory
https://cwe.mitre.org/data/definitions/96.html Technical Description
https://github.com/lolipop1234/XXD/issues/3 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-21651, you might also want to check these: