CVE-2022-32417

9.8 CRITICAL

📋 TL;DR

PbootCMS v3.1.2 contains a remote code execution vulnerability in the parserIfLabel template-parsing function: attacker-controlled input that reaches the parser is executed as code on the server. Every installation running the vulnerable version of PbootCMS, an open-source PHP content management system, is affected. A successful attack gives the attacker control of the web server with the privileges of the web-server account.

💻 Affected Systems

Products:
  • PbootCMS
Versions: v3.1.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of PbootCMS v3.1.2 are vulnerable regardless of configuration.

📦 What is this software?

PbootCMS is an open-source PHP content management system; its source is published on GitHub under hnaoyun/PbootCMS. The vulnerable component is the template parser, which processes site templates and the content rendered through them.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise allowing data theft, malware deployment, lateral movement to other systems, and persistent backdoor installation.

🟠

Likely Case

Website defacement, data exfiltration, cryptocurrency mining malware installation, and credential harvesting.

🟢

If Mitigated

Network segmentation, WAF rules and a minimally privileged web-server account limit what an attacker can reach from the compromised host, but code execution on the server itself remains a significant risk until the patch is applied.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication. Attackers can easily weaponize this vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.1.3 or later

Vendor Advisory: https://github.com/hnaoyun/PbootCMS/releases

Restart Required: No

Instructions:

1. Back up your current installation and database.
2. Download the latest version from the official repository.
3. Replace all files except the uploads and config directories.
4. Clear the cache and verify that the site still functions.

🔧 Temporary Workarounds

WAF Rule Implementation

Platform: all

parserIfLabel is a server-side function, not a URL, so a WAF cannot target it by path. Instead, block requests whose query string or body, after URL decoding, contains PbootCMS template syntax ({pboot:if ...}) or calls to PHP code-execution functions (eval, assert, system, exec, shell_exec, passthru, popen, proc_open) in user-supplied fields. Decode at least twice before matching, since double-encoded payloads (%2528 for "(") otherwise slip past a single-pass rule.

File Permission Restriction

Platform: linux

Restricting write access does not stop the parser from executing injected code, but it limits what an attacker can do afterwards: dropping a web shell, modifying templates, or planting a persistent backdoor. Make the code tree read-only for the web-server user (files must not be owned by that account), and keep only the upload and cache directories writable. The recursive chmod below is scoped with find so that directories get 755 and PHP files 644 throughout the tree, not just at the top level.

find /path/to/pbootcms -type d -exec chmod 755 {} +
find /path/to/pbootcms -type f -name '*.php' -exec chmod 644 {} +
chown -R deploy:www-data /path/to/pbootcms   # code owned by a deploy account, readable by the web server; adjust names to your system

🧯 If You Can't Patch

  • Isolate the affected system from critical networks and implement strict firewall rules.
  • Implement application-level monitoring and alerting for suspicious file modifications or process execution.

🔍 How to Verify

Check if Vulnerable:

Check the version in /apps/home/controller/IndexController.php or admin interface. If version is exactly 3.1.2, you are vulnerable.

Check Version:

grep -rn --include='*.php' -E 'version.*3\.1\.2' /path/to/pbootcms/
php -r "include '/path/to/pbootcms/config/database.php'; echo \$config['version'];"   # only if your config file exposes a version key; otherwise use the admin interface

Verify Fix Applied:

Confirm that the reported version is 3.1.3 or higher, and that the deployed parserIfLabel source matches the patched release (diff the installed file against the one in the downloaded package) rather than trusting the version string alone, since a partial file replacement can leave the vulnerable function in place.

📡 Detection & Monitoring

Log Indicators:

  • Requests (GET or POST) whose parameters contain PbootCMS template syntax ({pboot:if ...}) or PHP function calls such as eval( or system(, including URL-encoded forms like eval%28
  • File creation or modification in web directories, especially new .php files under upload or cache paths
  • The web-server process (php-fpm, apache, nginx workers) spawning shells or other unexpected child processes

Network Indicators:

  • HTTP requests containing eval() or system() calls in parameters
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND (params="*pboot:if*" OR params="*eval(*" OR params="*system(*" OR params="*eval%28*" OR params="*system%28*")

Match on request parameters rather than the URI: parserIfLabel is not an endpoint and never appears in the path. Normalise (URL-decode) parameters before matching if your pipeline supports it; the encoded variants above are a fallback for pipelines that do not.
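The WAF rule described under Temporary Workarounds and the log indicators above both come down to the same check: decode each request's parameters and look for PbootCMS template syntax or PHP code-execution function calls. The script below, an added example that is not part of the original page or of PbootCMS, implements that check once and applies it both as a per-request block decision and as a scan over access-log lines. The log lines are constructed for the example; the indicator list and the combined-log-format parser are assumptions to adapt to your own traffic and log format. Request bodies do not appear in standard access logs, so for POST payloads feed the body in from a WAF or full-capture log.

```python
import re
from urllib.parse import unquote_plus

# Indicators that would reach PbootCMS's template parser ({pboot:if ...}) or a
# PHP eval. Assumed list for this example; extend it for your environment.
SUSPICIOUS = re.compile(
    r"(?P<tag>pboot:if)"
    r"|(?P<func>\b(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open))\s*\(",
    re.IGNORECASE,
)

# Combined log format: ip - - [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%2528 -> %28 -> '(') are caught."""
    for _ in range(rounds):
        new = unquote_plus(s)
        if new == s:
            break
        s = new
    return s


def inspect_request(method: str, target: str, body: str = "") -> list:
    """Return the sorted, de-duplicated indicators found in the decoded query string and body."""
    query = target.partition("?")[2]
    text = decode(query) + "\n" + decode(body)
    found = set()
    for m in SUSPICIOUS.finditer(text):
        found.add((m.group("tag") or m.group("func")).lower())
    return sorted(found)


def block_request(method: str, target: str, body: str = "") -> bool:
    """WAF-style decision: block when any indicator is present."""
    return bool(inspect_request(method, target, body))


def scan_log(lines) -> list:
    """Scan access-log lines; return (ip, target, indicators) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip, but count these in production
        indicators = inspect_request(m.group("method"), m.group("target"))
        if indicators:
            hits.append((m.group("ip"), m.group("target"), indicators))
    return hits


# Constructed sample log: one benign search, one template-injection attempt with an
# eval() inside {pboot:if ...}, one double-encoded system( probe, one static asset.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2022:12:00:01 +0000] "GET /index.php?search=security HTTP/1.1" 200 1234',
    '198.51.100.9 - - [10/Jun/2022:12:00:02 +0000] "GET /index.php?keyword=%7Bpboot:if(eval(%24_GET%5Bc%5D))%7D1%7B/pboot:if%7D HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jun/2022:12:00:03 +0000] "GET /index.php?q=system%2528 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jun/2022:12:00:04 +0000] "GET /js/app.js HTTP/1.1" 304 0',
]

if __name__ == "__main__":
    for ip, target, indicators in scan_log(SAMPLE_LOG):
        print(f"{ip} {target[:60]} -> {indicators}")
```

The third sample line is why the repeated decoding matters: a single unquote turns `system%2528` into `system%28`, which a naive `system(` rule never sees. Tune the indicator list against your own templates before enforcing it as a block rule; a site that legitimately posts content containing the word `assert(` would otherwise be denied.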
