CVE-2021-27983

9.8 CRITICAL

📋 TL;DR

A Remote Code Execution vulnerability in MaxSite CMS v107.5 allows attackers to execute arbitrary code on affected systems through the Documents page. This affects all users running the vulnerable version of MaxSite CMS, potentially compromising the entire web server.

💻 Affected Systems

Products:
  • MaxSite CMS
Versions: v107.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of MaxSite CMS v107.5 are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise, allowing attackers to install malware, steal data, pivot to internal networks, or use the server for cryptocurrency mining or DDoS attacks.

🟠 Likely Case: Website defacement, data theft, installation of backdoors, and use of server resources for malicious activity.

🟢 If Mitigated: Limited impact if network segmentation, WAF rules, and monitoring are in place to detect and block exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is publicly documented with proof-of-concept available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v107.6 or later

Vendor Advisory: https://github.com/maxsite/cms/issues/430

Restart Required: No

Instructions:

1. Back up your current installation.
2. Download the latest version from the official MaxSite CMS repository.
3. Replace all files with the updated version.
4. Verify the Documents page functionality.

🔧 Temporary Workarounds

Disable Documents Module (platform: linux)

Temporarily disable or remove the vulnerable Documents page functionality:

mv /path/to/cms/modules/documents /path/to/cms/modules/documents.disabled

WAF Rule Implementation (platform: all)

Implement Web Application Firewall rules to block exploitation attempts.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system
  • Deploy intrusion detection systems and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether you are running MaxSite CMS version 107.5 by examining the CMS version in the admin panel or in the configuration files.

Check Version:

grep -r 'version' /path/to/maxsite/cms/config/

or check the version shown in the admin dashboard.

Verify Fix Applied:

Verify that the version is 107.6 or later and test the Documents page functionality for any anomalies.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads via Documents page
  • Suspicious POST requests to documents-related endpoints
  • Unexpected system command execution in web server logs

Network Indicators:

  • Unusual outbound connections from web server
  • Traffic patterns indicating reverse shell establishment

SIEM Query:

source="web_logs" AND (uri="/documents/*" OR uri="*/documents") AND (method="POST" OR method="PUT") AND size>100000
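The SIEM query above can be reproduced directly against raw web server access logs. The following is an added example, not part of this advisory or of MaxSite CMS: it parses Apache/nginx "combined" format lines, keeps POST/PUT requests whose path starts with /documents/ or ends with /documents, and flags those whose byte count exceeds the 100000 threshold from the query. The log lines are constructed for the example; the IP addresses and paths are illustrative. One caveat a practitioner should keep in mind: in the default combined format the numeric field is the response size, so to match large uploads you need to log the request length as well (nginx `$request_length`, or Apache `%I` with mod_logio) and point the parser at that field.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample access-log lines (combined format). Not from a real server.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2021:10:01:02 +0000] "GET /documents HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2021:10:01:09 +0000] "POST /admin/documents HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2021:10:02:15 +0000] "POST /documents/upload HTTP/1.1" 200 184320 "-" "curl/7.68.0"
198.51.100.7 - - [12/Mar/2021:10:02:20 +0000] "PUT /site/documents HTTP/1.1" 201 250001 "-" "python-requests/2.25"
192.0.2.33 - - [12/Mar/2021:10:03:00 +0000] "POST /contact HTTP/1.1" 200 200000 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format:
# host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


@dataclass
class Hit:
    host: str
    time: str
    method: str
    path: str
    size: int


def parse_line(line: str) -> Optional[Tuple[str, str, str, str, int]]:
    """Return (host, time, method, path, size) or None if the line does not parse."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    size = 0 if m.group("size") == "-" else int(m.group("size"))
    # Drop the query string so "/documents/upload?x=1" matches on its path.
    path = m.group("target").split("?", 1)[0]
    return m.group("host"), m.group("time"), m.group("method"), path, size


def is_documents_path(path: str) -> bool:
    """Equivalent of uri="/documents/*" OR uri="*/documents" in the SIEM query."""
    return path == "/documents" or path.startswith("/documents/") or path.endswith("/documents")


def find_suspicious(lines, size_threshold: int = 100000,
                    methods: Tuple[str, ...] = ("POST", "PUT")) -> List[Hit]:
    """Flag large POST/PUT requests to documents-related endpoints."""
    hits: List[Hit] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed or non-combined line; skip rather than crash
        host, time, method, path, size = parsed
        if method in methods and is_documents_path(path) and size > size_threshold:
            hits.append(Hit(host, time, method, path, size))
    return hits


def hosts_by_hit_count(hits: List[Hit]) -> dict:
    """Aggregate flagged requests per client host for triage."""
    counts: dict = {}
    for h in hits:
        counts[h.host] = counts.get(h.host, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG.splitlines())
    for h in flagged:
        print(f"{h.time} {h.host} {h.method} {h.path} size={h.size}")
    print("per-host:", hosts_by_hit_count(flagged))
```

Tune the threshold and path patterns to your own deployment (the Documents module may be mounted under a different prefix), and treat a hit as a trigger for looking at the full request and the files written under the CMS directory, not as a verdict on its own.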
