CVE-2021-38243

9.8 CRITICAL

📋 TL;DR

XunruiCMS up to and including v4.5.1 contains a remote code execution vulnerability in index.php: a crafted, unauthenticated GET request causes the server to execute attacker-supplied code. Any reachable installation of a vulnerable version can be taken over with the privileges of the web server's PHP process, which is frequently enough for complete compromise of the host.

💻 Affected Systems

Products:
  • XunruiCMS
Versions: Up to and including v4.5.1
Operating Systems: Any OS running PHP (Linux, Windows, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to v4.5.1 are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Code runs as the web-server (PHP) user; combined with a local privilege escalation or an over-privileged PHP process this becomes full system compromise, with data exfiltration, ransomware deployment and persistent backdoor installation.

🟠 Likely Case

Web server compromise leading to website defacement, theft of site data and of the credentials stored in the CMS configuration files, and use of the host as a foothold for lateral movement within the network.

🟢 If Mitigated

Limited impact where network segmentation, a WAF in front of index.php, and a least-privilege PHP process (no write access outside the uploads directory, no outbound network access) prevent escalation and lateral movement.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or compromised internal systems, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on GitHub. Attack requires only HTTP GET requests with crafted parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.5.2 or later

Vendor Advisory: Not publicly documented by vendor

Restart Required: No

Instructions:

1. Back up the current installation (files and database).
2. Download v4.5.2 or later from the official source.
3. Replace all files except the uploads directory and the configuration files.
4. Verify functionality and confirm that the admin panel reports the new version.
5. Because a public PoC exists, check the web root and the uploads directory for PHP files you did not deploy before treating the system as clean; patching does not remove a backdoor installed earlier.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Platform: all

Block GET requests to index.php whose parameters, after URL-decoding, contain PHP code-execution patterns (system(, exec(, shell_exec(, eval(, base64_decode, unserialize, or serialized objects of the form O:8:"...":). Because this page does not document the vulnerable parameter or the exact payload, pattern rules are a stopgap that an attacker can work around with other functions or encodings; they buy time until v4.5.2 is deployed, nothing more.

Restrict Access to index.php

Platform: linux

The commonly suggested "chmod -x index.php" / "chmod 644 index.php" is not a mitigation: PHP files are read and interpreted by mod_php or PHP-FPM, never executed by the kernel, and 644 is already the normal mode for index.php, so the file keeps serving exactly as before. index.php is also the front controller for the whole CMS, so denying access to it outright takes the site down. What does reduce exposure until the patch is applied:

  • Limit who can reach index.php at the web server (IP allowlist, VPN, or HTTP basic authentication in front of it), since the exploit itself is unauthenticated
  • Run the PHP process as a dedicated low-privilege user with write access only to the uploads directory, so code that does execute cannot modify CMS files or plant a persistent backdoor
  • Set disable_functions in php.ini for the OS-command primitives (system, exec, shell_exec, passthru, popen, proc_open) to limit what arbitrary PHP code can do

🧯 If You Can't Patch

  • Isolate the affected system in a separate network segment with strict inbound and outbound firewall rules (the web server should not need to initiate outbound connections)
  • Implement application-level input validation for all GET parameters reaching index.php, keeping in mind that the vulnerable parameter is not documented here and that local patches to vendor code are overwritten on the next upgrade

🔍 How to Verify

Check if Vulnerable:

Check XunruiCMS version in admin panel or by examining source files. Versions ≤4.5.1 are vulnerable.

Check Version:

Check /admin/index.php?m=admin&c=index&a=public_main or examine file headers

Verify Fix Applied:

Confirm that the running version reports v4.5.2 or later, then re-run the public PoC against a staging copy: a patched instance must not execute the injected code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET requests to index.php with encoded payloads
  • PHP execution errors in web logs
  • Suspicious file creation in web directories

Network Indicators:

  • HTTP requests with base64-encoded or serialized data in GET parameters
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" uri="*index.php*" (uri="*base64*" OR uri="*serialize*" OR uri="*system(*" OR uri="*system%28*" OR uri="*exec(*" OR uri="*exec%28*")

Match on the URI or query-string field, because that is where GET parameters are recorded; include the URL-encoded forms (%28 for "(") since access logs store the request line as sent, or decode the field first if the SIEM supports it.
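The log indicators and SIEM query above, and the WAF pattern list in the workaround section, amount to one rule: decode the query string of GET requests to index.php and look for PHP execution primitives, serialized PHP objects, or base64 blobs that contain them. The following Python script, added here as an example (it is not XunruiCMS code, not the CVE-2021-38243 PoC, and not from the page's sources), runs that rule over constructed combined-format access-log lines. The payload shapes are the generic indicators this page lists, not the actual vulnerable parameter or payload, which the page does not document; the IPs and timestamps are made up.

```python
"""Scan web access logs for crafted GET requests to index.php.

Added example for this page (not XunruiCMS code, not the CVE-2021-38243
PoC). It implements the generic indicators listed on the page: PHP execution
primitives, serialized PHP objects and base64 blobs in the query string of
GET requests to index.php. All log lines below are constructed.
"""
import base64
import re
from urllib.parse import unquote, urlsplit

# Combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Indicators, matched against the URL-decoded query string. Access logs store
# "system('id')" as "system%28%27id%27%29", so decoding first is essential.
SUSPICIOUS = re.compile(
    r"(?i)"
    r"\b(?:system|exec|shell_exec|passthru|eval|popen|proc_open)\s*\("  # PHP exec primitives
    r"|\bbase64_decode\b|\bunserialize\b"                               # decode/deserialize helpers
    r'|\bO:\d+:"[^"]+":\d+:\{'                                          # serialized PHP object
    r"|<\?php"                                                          # raw PHP open tag
)

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_query(target: str) -> str:
    """Return the query string of a request target, URL-decoded twice so that
    double-encoded payloads (%2528 -> %28 -> "(") are exposed as well."""
    return unquote(unquote(urlsplit(target).query))


def base64_blobs(text: str) -> list:
    """Decode every base64-looking token so payloads hidden in encoded parameters
    can be matched too. Tokens that are not valid base64 are skipped."""
    blobs = []
    for tok in B64_TOKEN.findall(text):
        try:
            blobs.append(base64.b64decode(tok, validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError: bad alphabet/length/padding
            continue
    return blobs


def is_suspicious(line: str) -> bool:
    """True for a GET to .../index.php whose decoded parameters (or base64 inside
    them) contain one of the indicators above."""
    m = LOG_RE.match(line)
    if not m or m.group("method") != "GET":
        return False
    if not urlsplit(m.group("target")).path.endswith("index.php"):
        return False
    decoded = decode_query(m.group("target"))
    if SUSPICIOUS.search(decoded):
        return True
    return any(SUSPICIOUS.search(blob) for blob in base64_blobs(decoded))


def scan(lines) -> list:
    """Return (client IP, decoded query) for each suspicious line, in order."""
    hits = []
    for line in lines:
        if is_suspicious(line):
            m = LOG_RE.match(line)
            hits.append((m.group("ip"), decode_query(m.group("target"))))
    return hits


# Constructed sample log (combined format); IPs are from documentation ranges.
SAMPLE_LOG = [
    # benign article request
    '203.0.113.5 - - [10/Aug/2021:10:00:01 +0000] "GET /index.php?s=news&c=show&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # URL-encoded PHP call injected into a parameter
    '198.51.100.7 - - [10/Aug/2021:10:00:02 +0000] "GET /index.php?s=news&c=show&id=1%3Bsystem%28%27id%27%29 HTTP/1.1" 500 0 "-" "curl/7.68.0"',
    # same call, base64-wrapped ("c3lz..." decodes to system('id');)
    '198.51.100.7 - - [10/Aug/2021:10:00:03 +0000] "GET /index.php?s=api&data=c3lzdGVtKCdpZCcpOw%3D%3D HTTP/1.1" 200 10 "-" "python-requests/2.25"',
    # serialized PHP object in a parameter
    '198.51.100.9 - - [10/Aug/2021:10:00:04 +0000] "GET /index.php?c=cache&v=O%3A8%3A%22Evil_Obj%22%3A1%3A%7Bs%3A3%3A%22cmd%22%3Bs%3A2%3A%22id%22%3B%7D HTTP/1.1" 200 0 "-" "curl/7.68.0"',
    # POST is out of scope for this GET-focused rule
    '203.0.113.6 - - [10/Aug/2021:10:00:05 +0000] "POST /index.php?s=member&c=login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # double-encoded variant of the second line (%2528 -> %28 -> "(")
    '198.51.100.7 - - [10/Aug/2021:10:00:06 +0000] "GET /index.php?s=news&id=1%253Bsystem%2528%2527id%2527%2529 HTTP/1.1" 500 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for ip, query in scan(SAMPLE_LOG):
        print(f"{ip}  {query}")
```

Run against the sample, four of the six lines are flagged: the plain, double-encoded and base64-wrapped system() calls and the serialized object; the benign article request and the POST are not. The double decode and the base64 pass are what a single-encoding SIEM wildcard misses. Expect some false positives on sites whose legitimate query strings carry long opaque tokens or the word "eval", and treat a hit as a trigger for pulling the full request and checking the web root for new files rather than as proof of compromise by itself.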

🔗 References
