This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
β οΈ **Navigate CMS 2.8.7**. Affects only this version; the core component is the **extension management module**.
Q4What can hackers do? (Privileges/Data)
π» **Administrator Privileges**. Can upload arbitrary files (e.g., PHP backdoors), **take control of the server**, steal data, or pivot laterally.
Q5Is exploitation threshold high? (Auth/Config)
π **Low Barrier to Entry**. Requires admin login session, but **no additional configuration or complex steps**βjust tricking the user into clicking.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π οΈ **Exploit Available!** ExploitDB #48548 provides an HTML PoC, allowing direct construction of an attack page.
Q7How to self-check? (Features/Scanning)
π **Self-Check Method**: Verify if the extension upload interface includes a CSRF Token; scan the **/admin/extensions/upload** path using tools.
Q8Is it fixed officially? (Patch/Mitigation)
β **Officially Patched**. Upgrade to **2.8.8+** or apply the official patch (refer to VulnCheck advisory).