CVE-2022-27333

7.5 HIGH

📋 TL;DR

CVE-2022-27333 allows attackers to delete the install.lock file in idcCMS v1.10, which resets the CMS configuration and data. This affects all users running the vulnerable version of idcCMS, potentially allowing unauthorized system reconfiguration.

💻 Affected Systems

Products:
  • idcCMS
Versions: v1.10
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of idcCMS v1.10.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete CMS reset leading to data loss, unauthorized administrative access, and potential website defacement or takeover.

🟠 Likely Case

CMS settings reset requiring reinstallation and configuration, causing service disruption and potential data corruption.

🟢 If Mitigated

Minimal impact if proper file permissions prevent unauthorized file deletion and regular backups exist.

🌐 Internet-Facing: HIGH - Web CMS systems are typically internet-facing and directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal systems could still be vulnerable to insider threats or compromised internal accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue demonstrates the vulnerability, and exploitation appears straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/Cutegod/idcCMS/issues/1

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Secure install.lock file permissions

linux

Set restrictive permissions on the install.lock file to prevent unauthorized deletion

chmod 444 install.lock
chown root:root install.lock

Remove installation directory

linux

Delete or rename the installation directory after setup to prevent reset functionality

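# Option 1: delete the installation directory
rm -rf /path/to/idcCMS/install/
# Option 2: rename it instead (run one option, not both)
mv /path/to/idcCMS/install/ /path/to/idcCMS/install_backup/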

🧯 If You Can't Patch

  • Implement strict file system permissions on the install.lock file
  • Monitor file system changes for unauthorized modifications to critical CMS files

🔍 How to Verify

Check if Vulnerable:

Check whether you are running idcCMS v1.10, and verify whether the install.lock file exists and is writable by the web server user.

Check Version:

Check CMS admin panel or readme files for version information

Verify Fix Applied:

Verify that the install.lock file has restrictive permissions (e.g., 444) and cannot be deleted via the web interface.
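
A check for the verification steps above, as an added example that is not part of the advisory or of idcCMS. On Linux, deleting a file requires write and search permission on its parent directory, so a 444 mode on install.lock alone does not stop removal; the hypothetical helper lock_deletable_by inspects the directory instead and assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the advisory): can <uid> remove install.lock?
# unlink(2) checks the PARENT directory, so the file's own 444 mode is not
# consulted. Assumes Linux with GNU stat; ignores ACLs and chattr +i.
# Usage: lock_deletable_by <path/to/install.lock> <uid> [gid ...]
# Returns 0 = deletable by uid, 1 = protected, 2 = usage error or missing file.
lock_deletable_by() (
    [ $# -ge 2 ] || exit 2
    lock=$1; uid=$2; shift 2
    [ -e "$lock" ] || { echo "missing: $lock" >&2; exit 2; }
    dir=$(dirname -- "$lock")
    mode=$((0$(stat -c %a -- "$dir")))   # directory mode, parsed as octal
    dir_uid=$(stat -c %u -- "$dir")
    dir_gid=$(stat -c %g -- "$dir")
    file_uid=$(stat -c %u -- "$lock")

    # root ignores mode bits; the directory owner can chmod write access back.
    if [ "$uid" -eq 0 ] || [ "$uid" -eq "$dir_uid" ]; then exit 0; fi

    # Permission class for a non-owner: group if a gid matches, else other.
    need=$((0003))
    for g in "$@"; do
        if [ "$g" -eq "$dir_gid" ]; then need=$((0030)); fi
    done

    # Removing a directory entry needs write and search (w+x) on the directory.
    if [ $((mode & need)) -ne "$need" ]; then exit 1; fi

    # Sticky directory: a non-owner may only unlink files it owns.
    if [ $((mode & 01000)) -ne 0 ] && [ "$uid" -ne "$file_uid" ]; then exit 1; fi
    exit 0
)

# Example call; the path and the www-data account are assumptions:
#   lock_deletable_by /path/to/install.lock "$(id -u www-data)" $(id -G www-data)
```

A result of 0 for the web server account means the lock file can still be removed, whatever mode the file itself carries.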

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file deletion attempts
  • CMS reset or reinstallation events
  • Access to installation scripts

Network Indicators:

  • HTTP requests to installation-related endpoints
  • Unusual POST requests to admin functions

SIEM Query:

source="web_server" AND (uri="*install*" OR uri="*lock*" OR method="DELETE")
