← Voltar para CVEs
CVE-2026-27760
HIGH8.1
Descricao
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation wizard remains incomplete.
Detalhes CVE
Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/28/2026
Ultima modificacao4/28/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-94
Referencias
https://chocapikk.com/posts/2026/opencats-installer-rce/(disclosure@vulncheck.com)
https://github.com/opencats/OpenCATS/blob/46e4727/lib/CATSUtility.php#L142-L172(disclosure@vulncheck.com)
https://github.com/opencats/OpenCATS/blob/46e4727/modules/install/ajax/ui.php#L130(disclosure@vulncheck.com)
https://github.com/opencats/OpenCATS/commit/3002a29f4c3cada1aa2c4f3d4ae4e189906606b6(disclosure@vulncheck.com)
https://github.com/opencats/OpenCATS/pull/706(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/opencats-php-code-injection-via-installer-ajax-endpoint(disclosure@vulncheck.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.