CVE-2020-29279

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary PHP code on 74CMS websites through a remote file inclusion flaw in the assign_resume_tpl method. It affects all 74CMS installations before version 6.0.48. Attackers can gain complete control of affected systems without authentication.

💻 Affected Systems

Products:
  • 74CMS
Versions: All versions before 6.0.48
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of 74CMS. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install backdoors, and pivot to other systems in the network.

🟠 Likely Case

Remote code execution leading to website defacement, data theft, and installation of malware or cryptocurrency miners.

🟢 If Mitigated

Limited impact with proper network segmentation, web application firewalls, and file upload restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.48 and later

Vendor Advisory: http://www.74cms.com/news/show-2497.html

Restart Required: No

Instructions:

1. Download 74CMS version 6.0.48 or later from the official website.
2. Back up your current installation and database.
3. Replace all files with the patched version.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable PHP file inclusion functions

Applies to: all

Modify PHP configuration to disable dangerous functions

php.ini: disable_functions = include,require,include_once,require_once

Caveat: include, require, include_once and require_once are language constructs rather than functions, so disable_functions does not affect them. The PHP setting that blocks inclusion of remote URLs is allow_url_include, which should be Off (its default since PHP 5.2); setting allow_url_fopen=Off additionally blocks remote reads through URL stream wrappers.

Web Application Firewall rule

Applies to: all

Block requests containing suspicious file inclusion patterns

WAF rule: Block requests with '..' or 'http://' in file parameters

🧯 If You Can't Patch

  • Implement strict input validation on all file inclusion parameters
  • Deploy a web application firewall with specific rules to block RFI attempts

🔍 How to Verify

Check if Vulnerable:

Check if your 74CMS version is below 6.0.48 by examining the version file or admin panel

Check Version:

Check /Application/Common/Conf/version.php or admin panel version display

Verify Fix Applied:

Confirm the version is 6.0.48 or higher and test that file inclusion parameters are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual file inclusion attempts in web server logs
  • Requests with external URLs in file parameters
  • Multiple failed inclusion attempts

Network Indicators:

  • Outbound connections to suspicious domains after file inclusion attempts
  • Unusual PHP execution patterns

SIEM Query:

web_access_logs | where url contains ".." or url contains "http://" and url contains ".php"
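The log indicators above can be checked offline by parsing the request target and inspecting each query parameter, rather than substring-matching the whole line (which would also fire on an ordinary http:// Referer). The script below is an added example, not part of this advisory or the 74CMS project; the log lines are constructed samples and the parameter name tpl is a stand-in, since the vulnerable parameter is not named on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Combined Log Format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2021:10:01:02 +0000] "GET /index.php?m=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2021:10:01:07 +0000] "GET /index.php?tpl=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 77 "-" "curl/7.68"
203.0.113.9 - - [10/Jan/2021:10:01:09 +0000] "GET /index.php?tpl=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0 "-" "curl/7.68"
198.51.100.2 - - [10/Jan/2021:10:02:00 +0000] "GET /static/logo.png HTTP/1.1" 200 9001 "http://shop.example/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# URL schemes PHP can open through stream wrappers when allow_url_include is on.
REMOTE_SCHEME_RE = re.compile(r"^(?:https?|ftp|php|data|expect)://", re.IGNORECASE)


def suspicious_params(target):
    """Return [(name, value, reason)] for query parameters that look like RFI/LFI probes."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote(raw)  # parse_qsl decoded once; a second pass catches double-encoding
        if REMOTE_SCHEME_RE.match(value):
            hits.append((name, value, "remote URL in parameter"))
        elif "../" in value or "..\\" in value:
            hits.append((name, value, "path traversal in parameter"))
    return hits


def scan_log(text):
    """Parse access-log lines and emit one alert per suspicious parameter."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        for name, value, reason in suspicious_params(m.group("target")):
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"), "param": name,
                           "value": value, "reason": reason, "status": int(m.group("status"))})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The status code is kept in each alert because a 200 on a remote-URL inclusion attempt is a stronger signal than a 404 and deserves a higher-priority rule.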
