CVE-2022-28527

8.1 HIGH

📋 TL;DR

CVE-2022-28527 is an arbitrary folder deletion vulnerability in dhcms v20170919 that allows attackers to delete arbitrary folders via the /admin.php?r=admin/AdminBackup/del endpoint. This affects all systems running the vulnerable dhcms version, potentially leading to data loss and service disruption.

💻 Affected Systems

Products:
  • dhcms
Versions: v20170919
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to exploit, but the vulnerability exists in default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical system folders, leading to data loss, service disruption, and potential privilege escalation.

🟠 Likely Case

Deletion of web application folders causing service disruption, data loss, and potential follow-on attacks.

🟢 If Mitigated

Limited impact if proper access controls and input validation are implemented.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making internet-facing systems particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but may have additional network segmentation controls.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: none

Vendor Advisory: https://github.com/ShaoGongBra/dhcms/issues/5

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict Admin Panel Access

Platform: all

Limit access to the admin panel to trusted IP addresses only

# Example Apache .htaccess (2.2 syntax; on Apache 2.4 replace the three
# Order/Deny/Allow lines with "Require ip 192.168.1.0/24"):
<Files "admin.php">
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Files>
# Example Nginx: an exact-match location so a generic "~ \.php$" block does not
# take precedence; the site's PHP handler directives (fastcgi_pass etc.) must
# also live inside this block or the admin panel stops working:
location = /admin.php {
    allow 192.168.1.0/24;
    deny all;
}

Disable Vulnerable Endpoint

Platform: all

Block access to the specific vulnerable endpoint

# Apache .htaccess: RewriteRule only sees the URL path, so the route must be
# matched in the query string with RewriteCond:
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)r=admin/AdminBackup/del(&|$) [NC]
RewriteRule ^admin\.php$ - [F]
# Nginx: location blocks likewise match only the URI path; test the "r"
# argument inside the admin.php location (keep the PHP handler directives there):
location = /admin.php {
    if ($arg_r ~* "^admin/AdminBackup/del$") {
        return 403;
    }
}

🧯 If You Can't Patch

  • Implement strict access controls to admin interface
  • Regularly backup critical folders and monitor for unauthorized deletions

🔍 How to Verify

Check if Vulnerable:

Check if running dhcms v20170919 and verify the /admin.php?r=admin/AdminBackup/del endpoint exists and accepts folder deletion requests.

Check Version:

Check dhcms version in configuration files or admin panel

Verify Fix Applied:

Test if the workarounds are blocking access to the vulnerable endpoint and verify folder deletion is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /admin.php?r=admin/AdminBackup/del with folder parameters
  • Unexpected folder deletion events in system logs

Network Indicators:

  • POST/GET requests to vulnerable endpoint with folder paths

SIEM Query:

source="web_logs" AND (url="/admin.php?r=admin/AdminBackup/del" OR url CONTAINS "AdminBackup/del")
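As an added example (not part of the original advisory or the dhcms project), a small Python detector that applies the log indicators above to access-log lines: it matches the vulnerable route case-insensitively and raises the severity when another query value carries a path escape. The sample log lines and the folder parameter name `name` are constructed assumptions, since the advisory does not name the parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Constructed sample access-log lines (combined log format), not real traffic.
# The folder parameter name "name" is an assumption made for the sample only.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2024:12:00:01 +0000] "GET /admin.php?r=admin/AdminBackup/index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:12:00:09 +0000] "GET /admin.php?r=admin/AdminBackup/del&name=../../uploads HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Mar/2024:12:01:15 +0000] "POST /admin.php?r=admin/AdminBackup/del HTTP/1.1" 200 88 "-" "curl/7.88.1"
10.0.0.9 - - [10/Mar/2024:12:02:00 +0000] "GET /index.php?r=site/index HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Split one combined-log line into fields; return None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs percent-decodes values, so an encoded %2e%2e shows up as ".." below
    rec["query"] = parse_qs(url.query, keep_blank_values=True)
    return rec

def hits_vulnerable_route(rec):
    """True when the request targets admin.php with r=admin/AdminBackup/del."""
    if not rec["path"].lower().endswith("/admin.php"):
        return False
    return any(v.strip().lower() == "admin/adminbackup/del" for v in rec["query"].get("r", []))

def alert_for(rec):
    """Alert dict for a matching request, else None; 'high' if a value escapes a path."""
    if not hits_vulnerable_route(rec):
        return None
    # POST bodies are not in access logs, so a bare POST to the route is still flagged
    others = [v for k, vs in rec["query"].items() if k != "r" for v in vs]
    escaping = any(".." in v or v.startswith(("/", "\\")) for v in others)
    return {"ip": rec["ip"], "ts": rec["ts"], "method": rec["method"], "status": rec["status"],
            "args": others, "severity": "high" if escaping else "medium"}

def scan(log_text):
    """Run the detector over a block of log text; alerts come back in log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (alert := alert_for(rec)):
            alerts.append(alert)
    return alerts
```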
