CRITICAL🇵🇱 Wersja polska

CVE-2025-32028

CVSS 9.9v3.1pub. 2025-04-08upd. 2025-07-30

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks ’.php’, ’.sh’, ’.js’, and ’.css’ files. The existing logic causes the system to "fail open" rather than "fail closed." This vulnerability is fixed in 10.0.3.

🤖 AI Analysis
How it works

The 'save' function in the 'HAXCMSFile.php' file blocks file uploads solely based on a denylist, which includes only the extensions '.php', '.sh', '.js' and '.css'. This list is incomplete and omits many other file types that can lead to server-side code execution. The system operates according to the 'fail open' principle, meaning in case of no match against the denylist it allows the upload instead of blocking it. An attacker with basic privileges can therefore upload an executable file with a different extension and execute it on the server.

Impact

An attacker can obtain remote code execution (RCE) on the server, leading to complete system takeover, confidential data leakage, and violation of application integrity and availability.

Mitigation & patch

HAX CMS PHP should be updated to version 10.0.3, in which the vulnerability has been fixed. According to the description, the fix addresses replacing the denylist approach with more restrictive control of allowed file types (allowlist).

Who is affected

HAX CMS PHP (product Psu Haxcms-Php) — versions earlier than 10.0.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Psu Haxcms PHP

    APP
    Psu
    9.0.0 – 10.0.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-54378HIGH8.3ten sam produkt

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and belo...

CVE-2025-49141HIGH8.5ten sam produkt

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `...

CVE-2025-49137HIGH8.5ten sam produkt

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the a...

CVE-2025-54139MEDIUM4.3ten sam produkt

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs version...

CVE-2025-53642MEDIUM4.8ten sam produkt

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not term...