CVE-2021-46037

8.1 HIGH

📋 TL;DR

MCMS v5.2.4 contains an arbitrary file deletion vulnerability in the /template/unzip.do component that allows attackers to delete files on the server. This affects all systems running MCMS v5.2.4 with the vulnerable component accessible. Attackers can potentially delete critical system files, configuration files, or application data.

💻 Affected Systems

Products:
  • MCMS
Versions: v5.2.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation when /template/unzip.do endpoint is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical operating system files, leading to system crash, data loss, or service disruption that requires full system restoration.

🟠 Likely Case

Application disruption through deletion of configuration files, templates, or user data, causing service outages and potential data loss requiring restoration from backups.

🟢 If Mitigated

Limited impact if proper access controls and file permissions are configured, restricting deletion to non-critical application files only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the vulnerable endpoint but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.2.5 or later

Vendor Advisory: https://github.com/ming-soft/MCMS

Restart Required: Yes

Instructions:

1. Back up the current installation and data.
2. Download the latest MCMS version from the official repository.
3. Replace the vulnerable files with the patched version.
4. Restart the application server.
5. Verify the fix by testing the /template/unzip.do endpoint.

🔧 Temporary Workarounds

Block Vulnerable Endpoint

all

Restrict access to /template/unzip.do endpoint using web server configuration or firewall rules.

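# Apache (server or virtual-host context; requires mod_rewrite):
#   RewriteEngine On
#   RewriteRule ^/template/unzip\.do$ - [F]
# Nginx (inside the server block): location ~ ^/template/unzip\.do$ { return 403; }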

File Permission Restriction

linux

Set restrictive permissions on critical directories to prevent deletion.

chmod 755 /path/to/mcms/template
chown root:root /path/to/mcms/template

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MCMS instance from critical systems.
  • Deploy web application firewall (WAF) with rules to block file deletion patterns.

🔍 How to Verify

Check if Vulnerable:

Check if /template/unzip.do endpoint is accessible and responds to file deletion requests. Review application logs for unauthorized access attempts.

Check Version:

Check MCMS version in application configuration files or admin panel.

Verify Fix Applied:

Test /template/unzip.do endpoint with file deletion attempts; should return error or be inaccessible. Verify MCMS version is v5.2.5 or later.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /template/unzip.do with file deletion parameters
  • File deletion events in system logs from MCMS process
  • Error logs showing file not found after deletion attempts

Network Indicators:

  • HTTP POST requests to /template/unzip.do endpoint
  • Unusual file deletion patterns from MCMS server

SIEM Query:

source="web_server" AND uri="/template/unzip.do" AND (method="POST" OR method="DELETE")
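
The log check described above, as an added example that is not part of the original advisory or of MCMS. It goes beyond the exact-match query by normalising the request path first, so percent-encoded, path-parameter and context-path variants of the endpoint are also caught. It assumes Combined Log Format access logs and a possible context-path prefix such as /ms; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

ENDPOINT = "/template/unzip.do"
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.do HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [12/Mar/2024:10:02:11 +0000] "POST /ms/template/unzip.do HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.7 - - [12/Mar/2024:10:02:15 +0000] "POST /ms/template/unzip%2Edo;jsessionid=ABC HTTP/1.1" 200 64 "-" "-"',
    '203.0.113.5 - - [12/Mar/2024:10:05:40 +0000] "POST /template/unzip.do HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.10 - - [12/Mar/2024:10:06:00 +0000] "GET /template/list.do HTTP/1.1" 200 900 "-" "-"',
]


def normalise_path(target):
    """Reduce a request target to a lower-case path that can be compared."""
    path = target.split("?", 1)[0]
    # Drop servlet path parameters (";jsessionid=..."), then percent-decode.
    segments = [unquote(seg.split(";", 1)[0]) for seg in path.split("/")]
    return re.sub(r"/{2,}", "/", "/".join(segments)).lower()


def find_hits(lines):
    """Return (ip, timestamp, method, status) for every request to ENDPOINT."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # endswith() tolerates a context-path prefix such as /ms (assumed).
        if m and normalise_path(m["target"]).endswith(ENDPOINT):
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits


def reached_application(hits):
    """Count, per client, the hits that were not refused with 403 or 404."""
    return Counter(ip for ip, _, _, status in hits if status not in (403, 404))


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    print(dict(reached_application(hits)))
```

Clients listed by `reached_application` got past any blocking rule, so their requests are the ones to correlate with file deletion events on the host.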
