Cadmium CMS Exploit

CRITICAL (9.8) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

Cadmium CMS is a web-based content management system used by some organizations for managing and publishing digital content. The vulnerability allows attackers to execute arbitrary code on the server by uploading malicious files through the file manager.

Am I affected?

You're affected if you use Cadmium CMS version 0.4.9. To check, run find / -path "*/admin/content/filemanager/uploads" (be cautious of false positives).

Note: This is a specific vulnerability in Cadmium CMS and not related to other content management systems like WordPress or Drupal.

Affected Products

aEnrich / Cadmium CMS

How to fix

  1. Upgrade to Cadmium CMS version 0.5.0 or later from the official GitHub repository: https://github.com/cadmium-org/cadmium-cms/releases
  2. Immediate mitigations:
     - Restrict network access to your Cadmium CMS instance (firewall it from the public internet)
     - Audit admin account activity for suspicious access patterns
     - Monitor for unauthorized file uploads
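
One way to carry out the "Monitor for unauthorized file uploads" step, as an added example that is not part of this advisory or the Cadmium CMS project: a shell function that lists files under the file-manager uploads directory that a web server might execute. The function name list_risky_uploads, the extension list and the assumption that the server maps PHP handlers are illustrative, not taken from the page.

```sh
#!/bin/sh
# Added example (not from the advisory or the Cadmium CMS project).
# Lists files in a file-manager uploads directory that a web server with PHP
# handlers might execute. The extension list is an assumption: match it to the
# handlers your server actually maps.

# list_risky_uploads DIR [DAYS]
#   DIR   uploads directory, e.g. <webroot>/admin/content/filemanager/uploads
#   DAYS  optional; report only files modified within the last DAYS days
list_risky_uploads() (
    dir=$1
    days=${2:-}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        exit 2
    fi
    # Build the find arguments; add the age filter only when DAYS is given.
    set -- "$dir" -type f
    if [ -n "$days" ]; then
        set -- "$@" -mtime "-$days"
    fi
    # -iname catches case tricks (a.PHP); '*.php.*' catches double extensions;
    # .htaccess is included because it can remap handlers on Apache.
    find "$@" \( \
        -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.pht' -o -iname '*.php.*' \
        -o -iname '.htaccess' \) -print | sort
)

# Stand-alone use: sh audit_uploads.sh DIR [DAYS]
if [ "$#" -gt 0 ]; then
    list_risky_uploads "$@"
fi
```

Run it from cron with a DAYS value that matches the schedule and alert on any non-empty output; an uploads directory that only holds media should normally produce none.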
