### Key Information

#### Details

- **Software Type**: Web App
- **Software Name**: Vvweb
- **Affected Version**: 1.0.5
- **Software Vendor**: Vvweb
- **Software Link**: [https://github.com/givanz/Vvweb](https://github.com/givanz/Vvweb)
- **Severity**: Critical
- **CVSS Score**: 9.1
- **CVE Link**: Pending
- **Affected Assets**: 163+
- **Discovery Date**: January 3, 2025
- **PoC Exploit**: [https://gist.github.com/OxHamy/f16fb399f8dd3a973acadc18fa07b1cb](https://gist.github.com/OxHamy/f16fb399f8dd3a973acadc18fa07b1cb)

#### Description

Administrators can access and modify plugin and theme code through the built-in editor without any validation mechanism to prevent malicious code from being written and executed. An authenticated administrator can modify plugins via the endpoint `/vadmin123/index.php?module=editor&codetype=themes`. Through this endpoint, the theme's PHP file (`theme.php`) can be modified to gain shell access to the web server.

#### Reproduction Steps

1. Access the following endpoint: `/vadmin123/index.php?module=editor&codetype=themes`
2. Locate and edit `theme.php`, replacing its content with the following code:

```php
```

3. Replace the IP and port with those of your listener (e.g., Netcat).
4. Save the PHP file and execute it by opening: `/vadmin123/index.php?module=editor&url=./&template=index.html`
5. Monitor your Netcat listener to receive a reverse shell connection.

Individually, this vulnerability may not cause immediate impact, but when combined with password brute-forcing and XSS on the admin panel, it can lead to cookie theft and full compromise of the system.

#### Proof-of-Concept (PoC) Video

A PoC video is provided, demonstrating the exploitation process.
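The missing control described above is a server-side check before the editor writes a file. The following is an added example, not Vvweb's code: a hypothetical `validate_theme_edit()` that confines writes to the themes directory, allows only non-executable asset types, and refuses content containing a PHP open tag. The function name, directory layout and extension allowlist are assumptions.

```php
<?php
// Added example (not Vvweb's code): a hypothetical validation step a theme/plugin
// editor could run before writing a file. Returns [true, resolved path] on
// success, or [false, reason] when the edit must be rejected.
function validate_theme_edit(string $themesDir, string $relPath, string $content): array
{
    // Assumed allowlist: only non-executable asset types may be edited via the web UI.
    $allowed = ['html', 'htm', 'css', 'js', 'json', 'svg', 'txt'];

    $base = realpath($themesDir);
    if ($base === false) {
        return [false, 'themes directory does not exist'];
    }

    // realpath() returns false for files that do not exist yet, so resolve the
    // parent directory and re-attach the file name. Reject anything that resolves
    // outside the themes directory (../ traversal, symlinks).
    $dir = realpath($base . DIRECTORY_SEPARATOR . dirname($relPath));
    if ($dir === false
        || ($dir !== $base && strpos($dir, $base . DIRECTORY_SEPARATOR) !== 0)) {
        return [false, 'path escapes the themes directory'];
    }
    $target = $dir . DIRECTORY_SEPARATOR . basename($relPath);

    // Extension allowlist: .php (and anything else not listed) is never editable.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return [false, "editing .$ext files is not permitted"];
    }

    // Templates are rendered by PHP, so an embedded open tag (<?php, <?=, or a
    // short <? tag) would turn an "HTML edit" into code execution. <?xml is allowed
    // so SVG files still pass.
    if (preg_match('/<\?(?!xml\b)/i', $content)) {
        return [false, 'PHP code is not allowed in theme files'];
    }

    return [true, $target];
}

// Usage with constructed inputs (temp dir stands in for the themes directory):
[$ok, $why] = validate_theme_edit(sys_get_temp_dir(), 'theme.php', '<?php echo 1; ?>');
var_dump($ok, $why);   // bool(false), "editing .php files is not permitted"
[$ok, $why] = validate_theme_edit(sys_get_temp_dir(), 'index.html', '<p>hi</p><?= 1 ?>');
var_dump($ok, $why);   // bool(false), "PHP code is not allowed in theme files"
```

A check of this shape only narrows what an already-authenticated administrator can write; it does not replace protecting the admin panel itself against the brute-forcing and XSS the advisory pairs with this issue.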