Summary
User input is not validated before it is written to the filesystem.
Details
\ParserLabel::addLabels() can be used to write attacker-controlled data into the custom language file, which is then included at runtime.
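The class of flaw described above, as an added PHP example that is not the project's own code: a label writer that concatenates input into PHP source, a hardened writer, and a tokenizer check that the generated file contains only string assignments. The function names, the `$mod_strings` array name, the key pattern and the sample label are assumptions made for illustration.

```php
<?php
// Added illustration: function names, key format and file layout are assumptions.

// Pattern to avoid: request data concatenated into PHP source without escaping.
function renderLabelsUnsafe(array $labels): string
{
    $out = "<?php\n";
    foreach ($labels as $key => $value) {
        $out .= "\$mod_strings['$key'] = '$value';\n";
    }
    return $out;
}

// Hardened form: allow-list the key, let var_export() build the string literal.
function renderLabelsSafe(array $labels): string
{
    $out = "<?php\n";
    foreach ($labels as $key => $value) {
        $key = (string) $key;
        if (!preg_match('/^[A-Za-z0-9_]{1,64}$/D', $key) || !is_string($value)) {
            throw new InvalidArgumentException('rejected label');
        }
        $out .= '$mod_strings[' . var_export($key, true) . '] = '
              . var_export($value, true) . ";\n";
    }
    return $out;
}

// Defence in depth: accept generated source only if it tokenizes to nothing but
// $mod_strings['KEY'] = 'literal'; statements.
function isPureLabelFile(string $source): bool
{
    $allowed = [T_OPEN_TAG, T_WHITESPACE, T_VARIABLE, T_CONSTANT_ENCAPSED_STRING];
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok)) {
            if (!in_array($tok[0], $allowed, true)) return false;
            if ($tok[0] === T_VARIABLE && $tok[1] !== '$mod_strings') return false;
        } elseif (!in_array($tok, ['[', ']', '=', ';'], true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample: a label value that merely contains apostrophes.
$labels = ['LBL_ACCOUNT' => "O'Brien's account"];
var_dump(isPureLabelFile(renderLabelsUnsafe($labels)));
var_dump(isPureLabelFile(renderLabelsSafe($labels)));
```

The same tokenizer check can be run over language files already on disk to flag any that contain more than literal assignments.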
Impact
RCE vulnerabilities can have severe impacts on a system or application, including:
- Penetration — attackers can use RCE vulnerabilities as their first entry into a network or environment.
- Privilege escalation — in many cases, servers have internal vulnerabilities which can only be seen by those with inside access. RCE allows an attacker to discover and exploit these vulnerabilities, escalating privileges and gaining access to connected systems.
- Sensitive data exposure — RCE can be used to exfiltrate data from vulnerable systems by installing data-stealing malware or directly executing commands. This can range from simple copying of unencrypted data to memory-scraping malware that looks for credentials in system memory.
- Denial of Service (DoS) — an RCE vulnerability allows attackers to execute code on a system. This code can be used to exhaust system resources and crash the system, or to leverage the system’s resources to conduct DoS against third parties.
- Cryptomining — a common next step after exploiting RCE is to run cryptomining or cryptojacking malware that uses the computing resources of an infected device to mine cryptocurrencies, to the financial benefit of the attacker.
- Ransomware — possibly the most dangerous consequence of RCE is that attackers can deploy ransomware on the affected application or server, and spread ransomware through the network, denying users access to their files until they pay a ransom.