CVE-2023-27060

9.8 CRITICAL

📋 TL;DR

LightCMS v1.3.7 contains a remote code execution (RCE) vulnerability in its image:make function. An attacker who can reach that function can run arbitrary code on the web server, which in practice means full control of the host running LightCMS. Every deployment of the vulnerable version is affected.

💻 Affected Systems

Products:
  • LightCMS
Versions: v1.3.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the image:make function to be reachable by the attacker, which appears to be the case in a default installation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise allowing data theft, malware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Web server compromise leading to website defacement, data exfiltration, and use as a foothold for further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation, minimal privileges, and active monitoring.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public references demonstrate the exploitation technique, and the vulnerability appears straightforward to exploit once the image:make function is reachable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch has been identified. Upgrade to a newer LightCMS release if one is available and confirm the image:make behaviour has changed; otherwise apply the workarounds below.

🔧 Temporary Workarounds

Disable image:make function (applies to: all)

Remove or restrict access to the vulnerable image processing functionality: modify the application code to disable the image:make endpoint, or restrict it to authenticated, trusted users and reject attacker-controlled input.

Web Application Firewall rules (applies to: all)

Block requests to the image:make endpoint whose parameters carry command-execution tokens or other unexpected content. Match against the URL-decoded request, since payloads are commonly percent-encoded, and expect false positives until the rule is tuned to the parameters the endpoint legitimately accepts.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system
  • Deploy application-level monitoring and alerting for suspicious image processing requests

🔍 How to Verify

Check if Vulnerable:

Confirm the deployed LightCMS version is v1.3.7 and that the image:make function can be reached from the network position an attacker would have (in a default installation it appears to be reachable).

Check Version:

Read the version from the application's own configuration or version metadata, or from the package manager that installed it.

Verify Fix Applied:

After upgrading or applying a workaround, confirm that the image:make endpoint is either no longer reachable or no longer accepts attacker-supplied input (a request with a known-bad parameter should be rejected rather than processed).

📡 Detection & Monitoring

Log Indicators:

  • Unusual image processing requests
  • Shell or other unexpected child processes spawned by the web server process (visible in process or audit logs, not in the access log itself)
  • Multiple failed image processing attempts

Network Indicators:

  • Unusual outbound connections from web server
  • Traffic to image:make endpoint with suspicious parameters

SIEM Query:

source="web_logs" AND (uri="*image:make*" OR uri="*image/make*") AND (param="*system*" OR param="*exec*" OR param="*cmd*")

Run the match against the URL-decoded request, since the tokens can be percent-encoded, and note that a standard access log does not capture POST bodies; pair this query with process-creation alerts for the web server's service account.
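The log indicators and the SIEM query above, as an offline detector that can be run over exported access logs. This is an added example for this advisory, not LightCMS code or a reference detection. It assumes the combined access-log format, assumes the image-processing endpoint is routed under a path containing image:make or image/make, and uses a token list that starts from the query above; the sample log lines are constructed for the example.

```python
"""Offline detector for the log indicators in this advisory (added example).

Parses access-log lines in the common "combined" format, URL-decodes the
request, and reports (a) requests to the image-processing endpoint whose
parameters carry command-execution tokens and (b) source IPs that accumulate
failed requests to that endpoint. Path fragments, token list and sample log
lines are assumptions constructed for the example; tune them per deployment.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Combined log format:
# ip - user [time] "METHOD target HTTP/x.y" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed path fragments that route to the image:make functionality.
IMAGE_PATHS = ("image:make", "image/make")
# Tokens from the advisory's SIEM query plus other PHP command-execution
# function names (assumed list; extend or trim for your environment).
SUSPICIOUS_TOKENS = ("system", "exec", "cmd", "passthru", "popen")


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = unquote_plus(parts.path)
    # parse_qsl percent-decodes names and values, so an encoded payload
    # such as %73ystem is compared in its decoded form.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    return rec


def targets_image_endpoint(rec):
    path = rec["path"].lower()
    return any(frag in path for frag in IMAGE_PATHS)


def is_suspicious(rec):
    """True when an image-endpoint request carries a command-execution token."""
    if not targets_image_endpoint(rec):
        return False
    decoded = " ".join(f"{k}={v}" for k, v in rec["params"]).lower()
    return any(tok in decoded for tok in SUSPICIOUS_TOKENS)


def scan(lines):
    """Return (ip, path, decoded params) for every flagged request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_suspicious(rec):
            hits.append((rec["ip"], rec["path"], rec["params"]))
    return hits


def error_bursts(lines, threshold=3):
    """Map IP -> count of 4xx/5xx responses on the image endpoint, when >= threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and targets_image_endpoint(rec) and rec["status"] >= 400:
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log lines (not real traffic). The third line
# percent-encodes "system('id')" to show that matching happens after decoding.
SAMPLE_LOG = [
    '198.51.100.10 - - [10/Mar/2023:12:00:01 +0000] "GET /image/make?src=banner.png&w=300 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2023:12:00:05 +0000] "GET /image/make?src=x.png&cmd=id HTTP/1.1" 500 312 "-" "curl/7.88.1"',
    '203.0.113.7 - - [10/Mar/2023:12:00:06 +0000] "GET /image/make?src=%73ystem%28%27id%27%29 HTTP/1.1" 500 312 "-" "curl/7.88.1"',
    '203.0.113.7 - - [10/Mar/2023:12:00:07 +0000] "GET /image/make?src=missing.png HTTP/1.1" 404 120 "-" "curl/7.88.1"',
    '198.51.100.11 - - [10/Mar/2023:12:00:09 +0000] "GET /search?q=cmd+prompt HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    "not an access log line",
]

if __name__ == "__main__":
    for ip, path, params in scan(SAMPLE_LOG):
        print(f"ALERT {ip} {path} {params}")
    for ip, n in error_bursts(SAMPLE_LOG).items():
        print(f"BURST {ip}: {n} failed image requests")
```

The substring match is deliberately loose, so a legitimate file name such as executive.png will trip the "exec" token; narrow the list or anchor the tokens once you know which parameters the endpoint accepts. Payloads delivered in a POST body will not appear in an access log at all, which is why the error-burst count and host-side process-creation alerts are worth running alongside this check.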

🔗 References
