CVE-2021-42183

7.5 HIGH

📋 TL;DR

MasaCMS 7.2.1 contains a path traversal vulnerability in the image asset API endpoint that allows attackers to read arbitrary files from the server filesystem. This affects all MasaCMS 7.2.1 installations with the vulnerable endpoint accessible. The vulnerability stems from improper input validation in the fileManager component.

💻 Affected Systems

Products:
  • MasaCMS
Versions: 7.2.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the default installation and requires the /index.cfm/_api/asset/image/ endpoint to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could read sensitive system files like /etc/passwd, configuration files containing database credentials, or source code, potentially leading to full system compromise.

🟠 Likely Case: Unauthenticated attackers read web application configuration files, source code, or other sensitive files stored on the web server.

🟢 If Mitigated: Limited impact with proper file permissions and web server configuration restricting access to sensitive directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates simple HTTP requests with directory traversal sequences to read arbitrary files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2.2 or later

Vendor Advisory: https://github.com/MasaCMS/MasaCMS

Restart Required: No

Instructions:

  1. Upgrade MasaCMS to version 7.2.2 or later.
  2. Download the latest version from the official GitHub repository.
  3. Replace the vulnerable fileManager.cfc component with the patched version.
  4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Use web server configuration to block access to the vulnerable API endpoint

# Apache: RewriteRule ^/index\.cfm/_api/asset/image/.* - [F]
# Nginx: location ~ ^/index\.cfm/_api/asset/image/ { return 403; }

Input validation filter

all

Add input validation to reject directory traversal sequences

# In application code, validate and sanitize all file path parameters
# Reject any input containing ../ or similar traversal patterns

🧯 If You Can't Patch

  • Implement strict file system permissions to limit what the web server user can read
  • Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Send a test request to /index.cfm/_api/asset/image/?file=../../../etc/passwd and check if it returns system files

Check Version:

Check the MasaCMS version in the admin panel or by examining the application files

Verify Fix Applied:

Attempt the same test request after patching - it should return an error or empty response

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /index.cfm/_api/asset/image/ with ../ sequences in parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP GET requests with directory traversal patterns in URL parameters

SIEM Query:

web.url:*index.cfm/_api/asset/image/* AND (web.url:*../* OR web.param:*../*)
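
The log indicator above as a script over web access logs; this is an added example, not code from the advisory or the MasaCMS project. It goes beyond the SIEM query by percent-decoding the request target before matching, and it assumes a combined-format access log; the sample lines are constructed.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/index.cfm/_api/asset/image/"  # endpoint named in the advisory

# Assumed combined log format: client ... "METHOD target HTTP/x.y" status size
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# A ".." segment bounded by a separator or "=" on the left and a separator
# or end of string on the right, so a name like "logo..png" does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=])\.\.(?:[/\\]|$)')


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so single- and double-encoded input normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (client, status, decoded_target) for traversal hits on ENDPOINT."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        client, target, status = m.groups()
        decoded = fully_decode(target)
        if ENDPOINT in decoded.lower() and TRAVERSAL_RE.search(decoded):
            hits.append((client, int(status), decoded))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.cfm/_api/asset/image/?file=../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.cfm/_api/asset/image/?file=%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.cfm/_api/asset/image/?file=%252e%252e%252fetc/passwd HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.cfm/_api/asset/image/?file=logo.png HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:02:00 +0000] "GET /css/../site.css HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, status, target in scan(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

A hit with status 200 on an unpatched host deserves priority, since the response may have contained file contents.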
