HTTP: Total.js CMS 12 Widget JavaScript Code Injection

This signature detects attempts to exploit a known vulnerability in Total.js CMS. A successful attack leads to arbitrary command execution on the server with the privileges of the CMS process.

Extended Description

An issue was discovered in Total.js CMS 12.0.0. An authenticated user who holds the widgets privilege can achieve remote command execution (RCE) on the server by creating a malicious widget whose template contains a special tag with JavaScript code; the back end evaluates that code server side. The scope the tag is evaluated in exposes the Node.js `global` object, so the tag can escape the sandbox object with the following payload: global.process.mainModule.require('child_process').exec('<command>'); Starting from `global`, the chain process.mainModule.require loads any core module, including child_process, and the attacker's command runs as the CMS process.

Affected Products

Totaljs total.js_cms

References

CVE: CVE-2019-15954

Short Name
HTTP:CTS:TOTAL-CMS-CMD-INJ
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
12 CMS CVE-2019-15954 Code Injection JavaScript Total.js Widget
Release Date
03/03/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3693
False Positive
Unknown
Vendors
Totaljs
CVSS Score
9.0
