This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: BuilderEngine CMS (v3.5.0) suffers from **Arbitrary File Upload** via elFinder 2.0.β¦
π‘οΈ **Root Cause**: **CWE-434** (Unrestricted Upload of File with Dangerous Type). The flaw lies in the **elFinder 2.0** file manager component, which fails to properly validate uploaded file types or content.
Q3Who is affected? (Versions/Components)
π’ **Affected**: **BuilderEngine** CMS. Specifically, version **3.5.0** and potentially earlier versions using the vulnerable elFinder 2.0 integration. Vendor: **BuilderEngine**.
Q4What can hackers do? (Privileges/Data)
π **Attacker Capabilities**: Gain **Remote Code Execution (RCE)**.β¦
β οΈ **Threshold**: **Low**. The vulnerability is linked to **unauthenticated** arbitrary file upload (per VulnCheck advisory). No authentication or complex configuration is likely required to trigger the upload.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π₯ **Public Exploits**: **Yes**. Active exploits exist on **Exploit-DB** (ID 40390) and **Metasploit** (`builderengine_upload_exec.rb`). A demo PoC is also available on GitHub, indicating high risk of wild exploitation.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for **BuilderEngine** CMS instances. Check for the presence of **elFinder 2.0** components. Look for upload endpoints that accept executable extensions (e.g., .php, .jsp) without strict validation.
π¨ **Urgency**: **CRITICAL**. Due to **unauthenticated RCE** potential and **publicly available exploits**, immediate action is required. Prioritize patching or applying mitigations to prevent immediate compromise.