CVE-2021-46062
📋 TL;DR
MCMS v5.2.5 contains an arbitrary file deletion vulnerability via the oldFileName component. This allows attackers to delete arbitrary files on the server, potentially causing denial of service or data loss. Any system running the vulnerable MCMS version is affected.
💻 Affected Systems
- MCMS
📦 What is this software?
Mcms by Mingsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files, leading to permanent data loss, system instability, or complete service disruption.
Likely Case
Deletion of web application files causing service disruption, loss of user data, or defacement of websites.
If Mitigated
Limited impact if proper file permissions and input validation are in place, potentially only affecting non-critical files.
🎯 Exploit Status
The GitHub issue shows exploitation details, making weaponization likely. Authentication may be required depending on configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v5.2.6 or later
Vendor Advisory: https://github.com/ming-soft/MCMS/issues/59
Restart Required: Yes
Instructions:
1. Backup your current installation and database.
2. Download the latest MCMS version from the official repository.
3. Replace the vulnerable files with patched versions.
4. Restart the web server and application services.
🔧 Temporary Workarounds
Input Validation Filter
(all platforms) Add input validation to restrict the file paths that can be deleted
Modify the oldFileName component to validate file paths against an allowlist
File Permission Restriction
(Linux) Set strict file permissions to limit which files the web user can delete
chmod 644 for web files, chmod 755 for directories, restrict web user to specific directories
🧯 If You Can't Patch
- Implement strict file system permissions to limit the web application user's access
- Deploy a web application firewall (WAF) with rules to block file deletion attempts
🔍 How to Verify
Check if Vulnerable:
Check if MCMS version is 5.2.5 by examining version files or configuration
Check Version:
Check the version.txt file or MCMS admin panel for version information
Verify Fix Applied:
Verify installation of MCMS v5.2.6 or later and test file deletion functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in web server logs
- Multiple failed file deletion attempts
- Requests whose oldFileName parameter carries suspicious values
Network Indicators:
- HTTP requests containing file paths in the oldFileName parameter
- Unusual patterns of file operation requests
SIEM Query:
source="web_server" AND (uri="*oldFileName*" OR method="DELETE") AND status="200"
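As an added detection example (not code from the advisory or the MCMS project), the script below parses constructed combined-format access-log lines and flags oldFileName values that contain traversal segments (including double-encoded ones), Windows drive paths, null bytes, or paths that resolve outside an assumed upload directory. The /cms/upload/delete route and the /upload root are placeholders; the advisory does not give the real MCMS paths.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate oldFileName values are web-root-relative paths under this
# directory. The real MCMS upload location and delete route are not given in the advisory.
UPLOAD_ROOT = "/upload"

# Constructed access-log lines in combined-log format (not captured traffic);
# /cms/upload/delete is a placeholder route, not the real MCMS endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2022:10:00:01 +0000] "POST /cms/upload/delete?oldFileName=/upload/1/image.png HTTP/1.1" 200 45
10.0.0.9 - - [10/Jan/2022:10:00:07 +0000] "POST /cms/upload/delete?oldFileName=/app/config.yml HTTP/1.1" 200 45
10.0.0.9 - - [10/Jan/2022:10:00:09 +0000] "GET /cms/upload/delete?oldFileName=%252e%252e%252fetc%252fhosts HTTP/1.1" 200 45
10.0.0.7 - - [10/Jan/2022:10:00:12 +0000] "GET /index.do HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$')

def classify_old_file_name(value: str):
    """Return a reason string if the value looks like a file-deletion abuse attempt, else None."""
    v = unquote(value).replace("\\", "/")  # second decode catches double-encoded input
    if "\x00" in v:
        return "null byte"
    if re.match(r"^[A-Za-z]:/", v):
        return "absolute Windows path"
    if ".." in v.split("/"):
        return "dot-dot segment"
    # Normalise as a web-root-relative path and require it to stay under UPLOAD_ROOT
    resolved = posixpath.normpath("/" + v.lstrip("/"))
    if resolved != UPLOAD_ROOT and not resolved.startswith(UPLOAD_ROOT + "/"):
        return f"resolves outside {UPLOAD_ROOT}: {resolved}"
    return None

def scan_log(log_text: str):
    """Return (ip, method, status, raw_value, reason) for each suspicious oldFileName value."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log line; skip rather than guess
        query = urlsplit(m["target"]).query
        for value in parse_qs(query, keep_blank_values=True).get("oldFileName", []):
            reason = classify_old_file_name(value)
            if reason:
                findings.append((m["ip"], m["method"], m["status"], value, reason))
    return findings

FINDINGS = scan_log(SAMPLE_LOG)
```

Running it over SAMPLE_LOG yields two findings from 10.0.0.9: the absolute path outside the upload root and the double-encoded traversal; the in-root deletion and the unrelated request are not flagged.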