CVE-2021-37770

7.2 HIGH

📋 TL;DR

Nucleus CMS v3.71 has a file upload vulnerability that allows attackers to bypass .htaccess restrictions and upload malicious files disguised as images. Attackers can execute arbitrary PHP code on the server, potentially compromising the entire website. This affects all installations running the vulnerable version.

💻 Affected Systems

Products:
  • Nucleus CMS
Versions: v3.71
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with file upload functionality enabled.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, defacement, malware distribution, or use as part of a botnet.

🟠

Likely Case

Website defacement, data exfiltration, or installation of backdoors for persistent access.

🟢

If Mitigated

Limited impact if proper file upload validation and web server hardening are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to upload functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.72 or later

Vendor Advisory: https://github.com/NucleusCMS/NucleusCMS/issues/96

Restart Required: No

Instructions:

1. Back up your database and files.
2. Download the latest version from the official repository.
3. Replace all files except config.php and the media folder.
4. Verify functionality.

🔧 Temporary Workarounds

Disable file uploads (platform: all)

Temporarily disable file upload functionality in the Nucleus CMS configuration.

Restrict .htaccess modifications (platform: linux)

Set proper permissions on .htaccess files to prevent modification:

chmod 644 .htaccess
chown root:root .htaccess

🧯 If You Can't Patch

  • Implement strict file type validation for uploads (allow only specific extensions)
  • Configure web server to ignore .htaccess files in upload directories

🔍 How to Verify

Check if Vulnerable:

Check whether the installation runs Nucleus CMS v3.71 by examining the version shown in the admin panel or by inspecting the installed files.

Check Version:

Check includes/constants.php for the NUCLEUS_VERSION constant.

Verify Fix Applied:

Verify that the version is v3.72 or later and test the file upload functionality with malicious files.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed upload attempts
  • Uploads of files with double extensions (.php.jpg)
  • Modifications to .htaccess files

Network Indicators:

  • Unusual outbound connections from web server
  • HTTP requests executing PHP from image directories

SIEM Query:

source="web_logs" AND (uri="*.php.jpg" OR uri="*/upload/*.php")
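The SIEM query above is a glob match on the raw URI, so a URL-encoded dot (for example `%2e`) in the filename slips past it. The following is an added example, not part of this advisory, that applies the same two indicators (double extension, PHP under an upload directory) to decoded request paths; the combined log format and the /media/ and /upload/ directory names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Directories that hold uploaded media (assumed layout; adjust to your install).
UPLOAD_DIRS = ("/media/", "/upload/")

# Script extension hidden behind an image extension, e.g. shell.php.jpg,
# matching the advisory's ".php.jpg" indicator.
DOUBLE_EXT_RE = re.compile(r'\.(php\d?|phtml)\.(jpe?g|png|gif)$', re.IGNORECASE)
# Plain script extension; suspicious only when served from an upload directory.
SCRIPT_EXT_RE = re.compile(r'\.(php\d?|phtml)$', re.IGNORECASE)

def classify(line):
    """Return the indicator names triggered by one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    # Decode percent-encoding before matching, so x.php%2ejpg is seen as x.php.jpg.
    path = unquote(urlsplit(m.group("target")).path).lower()
    hits = []
    if DOUBLE_EXT_RE.search(path):
        hits.append("double_extension")
    if SCRIPT_EXT_RE.search(path) and any(d in path for d in UPLOAD_DIRS):
        hits.append("php_in_upload_dir")
    return hits

def scan(lines):
    """Collect (client_ip, decoded_path, indicators) for every suspicious line."""
    findings = []
    for line in lines:
        hits = classify(line)
        if hits:
            m = LOG_RE.match(line)
            path = unquote(urlsplit(m.group("target")).path)
            findings.append((m.group("ip"), path, hits))
    return findings

# Constructed sample log; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2021:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/Aug/2021:12:00:15 +0000] "GET /media/1/shell.php.jpg HTTP/1.1" 200 88
198.51.100.7 - - [10/Aug/2021:12:01:00 +0000] "GET /media/1/photo.jpg HTTP/1.1" 200 40213
203.0.113.5 - - [10/Aug/2021:12:02:00 +0000] "GET /upload/backdoor.php HTTP/1.1" 200 12
198.51.100.7 - - [10/Aug/2021:12:03:00 +0000] "GET /media/1/x.php%2ejpg HTTP/1.1" 200 88
"""
```

Running `scan(SAMPLE_LOG.splitlines())` flags the second, fourth and fifth lines; the fifth is the encoded variant that the plain `*.php.jpg` glob would miss.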
